From: Nikos Vassiliadis
To: freebsd-net@freebsd.org, Alexei
Date: Tue, 12 Dec 2006 17:02:22 +0200
Subject: Re: mpd pppoe client problems
List-Id: Networking and TCP/IP with FreeBSD

On Tuesday 12 December 2006 13:05, Alexei wrote:
> Hello.
>
> > set link mtu 1492
> > check with ps command in which state mpd is when issuing rc.d stop
> > command.
>
> Ok, I'll try it when I'm at home (probably this evening).
>
> >> Nothing prevents it + ppp works fine. (But I don't like it for high
> >> cpu load)
>
> > much better to show your rulebase
>
> 00003 11030 3231606 count ip from table(1) to { me or dst-ip 192.168.42.0/24 } in via tun1
> 00004 13117 1969687 count ip from { me or 192.168.42.0/24 } to table(1) out via tun1
> 00005 1273820 1279717924 count ip from not table(1) to { me or dst-ip 192.168.42.0/24 } in via tun1
> 00006 1507468 446055133 count ip from { me or 192.168.42.0/24 } to not table(1) out via tun1
> 00009 44 2296 reset tcp from any to me dst-port 1080,3128,8000,8080
> 00011 38793 4293064 allow ip from me to any via fxp0
> 00011 24488 1695925 allow ip from any to me via fxp0
> 00012 926 72148 allow ip from any to any via lo0
> 00013 0 0 allow ip from 192.168.42.0/24 to 192.168.0.0/24
> 00013 0 0 allow ip from 192.168.0.0/24 to 192.168.42.0/24
> 00014 0 0 allow ip from 192.168.42.0/24 to 192.168.11.0/24
> 00014 0 0 allow ip from 192.168.11.0/24 to 192.168.42.0/24
> 00015 0 0 allow ip from 192.168.42.0/24 to 192.168.12.0/24
> 00015 0 0 allow ip from 192.168.12.0/24 to 192.168.42.0/24
> 00016 8609 760802 allow ip from any to 192.168.0.0/24
> 00016 58 20512 allow ip from 192.168.0.0/24 to any
> 00020 1520516 448026327 allow ip from me to any
> 00022 0 0 allow ip from 10.176.204.0/24 to me dst-port 22,2345
> 00030 1118 73065 allow ip from { 217.78.xx.xx or 87.240.xx.xx } to me dst-port 4444
> 00051 16153 901778 allow ip from 85.94.xx.xx to me
> 00100 13 1732 deny ip from any to me dst-port 22,4242,2345,4444
> 00101 1730 180253 deny ip from any to any dst-port 137,138,139,5000,445
> 00200 353792 78897431 allow ip from any to 192.168.42.2
> 00200 467364 392901222 allow ip from 192.168.42.2 to any
> 00201 80648 14398889 allow ip from any to 192.168.43.2
> 00201 81229 4285726 allow ip from 192.168.43.2 to any
> 01001 1267514 1281969619 allow ip from any to me
> 65535 43 5654 deny ip from any to any
>

Your firewall rules are somehow obscure. Please do explicitly allow
everything from your host to the world and back, early in your ruleset
(something like "add 1 allow ip from me to any keep-state"). Test it and
then fix your rules as wanted.

Nikos