From: jb
To: Max Laier
cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: problem with 'user'
Date: Thu, 16 Sep 2004 04:00:51 -0000
X-Original-Date: Mon, 2 Feb 2004 14:55:03 +0100

On Sun, Feb 01, 2004 at 07:31:28PM +0100, Max Laier wrote:
>
> Please let us know if that was the case and we can assume that the user
> stuff is working correctly now. Anyone else seeing this?

It is possible there's something funny in my setup or something wrong I fail to see.
I have the following:

bash-2.05b$ sudo pfctl -Fs
states cleared
bash-2.05b$ sudo pfctl -f pf.ping
bash-2.05b$ sudo pfctl -vvsr
@0 pass in on lo0 all
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
@1 pass out on lo0 all
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
@2 block drop in log all
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
@3 block drop out log all
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
@4 pass out log quick all user = 1003 keep state
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
@5 block drop out log proto icmp all
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]

# as user 1001:
bash-2.05b$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=0.795 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.693 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.730 ms

bash-2.05b$ sudo pfctl -vvsr
@0 pass in on lo0 all
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
@1 pass out on lo0 all
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
@2 block drop in log all
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
@3 block drop out log all
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
@4 pass out log quick all user = 1003 keep state
  [ Evaluations: 1 Packets: 6 Bytes: 504 States: 1 ]
@5 block drop out log proto icmp all
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]

# in the meantime:
bash-2.05b$ sudo pftcpdump -n -e -ttt -i pflog0
pftcpdump: WARNING: pflog0: no IPv4 address assigned
pftcpdump: listening on pflog0
52. 041780 rule 4/0(match): pass out on sis0: 10.0.0.90 > 10.0.0.2: icmp: echo request

I've applied the patch Pyun sent me in the sources directly. I may have done something weird at that moment. I will re-do things properly from ports/ later.

jb
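
The before/after counter comparison in the message above, as an added example that is not part of the original message: a Python script that diffs two `pfctl -vvsr` snapshots and reports which rules gained packets and which of those filter on `user`. The second snapshot is transcribed from the message; the function names are illustrative assumptions.

```python
import re

# Second `pfctl -vvsr` snapshot, transcribed from the message (after the ping).
AFTER = """\
@0 pass in on lo0 all
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
@1 pass out on lo0 all
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
@2 block drop in log all
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
@3 block drop out log all
  [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
@4 pass out log quick all user = 1003 keep state
  [ Evaluations: 1 Packets: 6 Bytes: 504 States: 1 ]
@5 block drop out log proto icmp all
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
"""
# First snapshot in the message: same rules, every counter at zero.
BEFORE = re.sub(r": \d+", ": 0", AFTER)

RULE = re.compile(r"^@(\d+)\s+(.*)$")
COUNTERS = re.compile(r"(Evaluations|Packets|Bytes|States):\s*(\d+)")

def parse(text):
    """Return {rule_number: (rule_text, {counter: value})}."""
    rules, current = {}, None
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            current = int(m.group(1))
            rules[current] = (m.group(2), {})
        elif current is not None:
            rules[current][1].update((k, int(v)) for k, v in COUNTERS.findall(line))
    return rules

def changed(before, after):
    """Rules whose Packets counter grew, with the delta of every counter."""
    old, new = parse(before), parse(after)
    hits = []
    for num, (text, ctr) in sorted(new.items()):
        prev = old.get(num, (text, {}))[1]
        delta = {k: v - prev.get(k, 0) for k, v in ctr.items()}
        if delta.get("Packets", 0) > 0:
            hits.append((num, text, delta))
    return hits

def user_rules_hit(before, after):
    """Changed rules that match on socket owner via the `user` keyword."""
    return [h for h in changed(before, after) if re.search(r"\buser\s*[=!<>]", h[1])]

if __name__ == "__main__":
    for num, text, delta in user_rules_hit(BEFORE, AFTER):
        print(f"rule {num}: {text} -> {delta}")
```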