Date: Wed, 1 Aug 2007 17:13:38 +0200
From: Patrick Proniewski <patpro@patpro.net>
To: "Greg Hennessy" <Greg.Hennessy@nviz.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: strange "throttling" issue with pf on xDSL connection
Message-ID: <569F9080-B78F-400B-B3C5-FCA05F04BF80@patpro.net>
In-Reply-To: <001101c7d441$0f61aa10$2e24fe30$@Hennessy@nviz.net>
References: <DE71F511-8553-401A-A16C-DF4CAA5DA6E3@patpro.net> <001101c7d441$0f61aa10$2e24fe30$@Hennessy@nviz.net>
On 01 August 2007, at 15:37, Greg Hennessy wrote:

> Posting a copy of your pf.conf

here we go :

# macros
int_if = "em0"
int_if_sec = "em1"
ext_if = "fxp0"
wif_if = "ath0"
tcp_services = "{ 22, 113, 80, 443, 25, 53, 554 }"
udp_services = "{ 53 }"
admin_tcp_services = "{ 311, 625, 5900, 5988 }"
admin_udp_services = "{ 3283 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }"

table <admin_nets> persist { --few IPs-- }
table <friends> persist { --few IPs-- }
table <spammers> persist file "/etc/pf.liste_ip_spamer"
table <sshscan> persist file "/etc/pf.liste_ip_ssh_scan"
table <webspam> persist file "/etc/pf.liste_ip_webspam"
table <openarena> persist { --few IPs-- }

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $int_if_sec:network to any -> ($ext_if)

# filter rules
block log all
block in log quick proto tcp from <spammers> to any port smtp
block in log quick proto tcp from <sshscan> to any port ssh
block in log quick proto tcp from <webspam> to any port http
pass quick on lo0 all
block drop in log quick on $ext_if from $priv_nets to any
block drop out log quick on $ext_if from any to $priv_nets
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_services keep state

##### admin
pass in log on $ext_if inet proto tcp from { <admin_nets>, <friends> } to { ($ext_if), 192.168.0.2 } port $admin_tcp_services flags S/SA keep state
pass in log on $ext_if inet proto udp from { <admin_nets>, <friends> } to { ($ext_if), 192.168.0.2 } port $admin_udp_services keep state

##### OpenArena
pass in on $ext_if inet proto tcp from <openarena> to ($ext_if) port 56789 flags S/SA keep state
pass in on $ext_if inet proto udp from <openarena> to ($ext_if) port 56789 keep state

pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass in on $int_if_sec from $int_if_sec:network to any keep state
pass out on $int_if_sec from any to $int_if_sec:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

> and trawling the logs for drops around the
> same time as the transfers are underway would be useful.

Absolutely nothing interesting out of `tcpdump -n -e -ttt -i pflog0`
Only a bunch of blocks for rule "0":

000000 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
507955 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
689510 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
41. 432770 rule 0/0(match): block in on fxp0: 82.235.85.225 > 82.235.12.223: [|tcp]
584629 rule 0/0(match): block in on fxp0: 82.235.85.225 > 82.235.12.223: [|tcp]
2. 251236 rule 0/0(match): block in on fxp0: 82.235.228.221 > 82.235.12.223: [|tcp]
506420 rule 0/0(match): block in on fxp0: 82.235.225.106 > 82.235.12.223: [|tcp]
5. 288575 rule 0/0(match): block in on fxp0: 82.235.225.106 > 82.235.12.223: [|tcp]
12. 352415 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]

I've found this in /var/log/debug.log:

../..
Aug 1 14:00:01 boleskine pflogd[410]: [priv]: msg PRIV_OPEN_LOG received
Aug 1 16:00:02 boleskine pflogd[410]: [priv]: msg PRIV_OPEN_LOG received
../..

But I believe it's not related to my problem at all.

regards,
patpro
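As an added diagnostic example (not code from the thread), a small Python parser for the `tcpdump -n -e -ttt -i pflog0` lines quoted above: it sums the relative timestamps into an absolute offset and counts blocks per rule and source, so the drops can be lined up against the transfer window Greg suggested checking. The record layout is assumed from the lines in the message; the last sample line, with decoded ports, is constructed.

```python
import re
from collections import Counter

# `tcpdump -n -e -ttt -i pflog0` (FreeBSD tcpdump of that era) prints a delta
# since the previous packet as "<sec>. <usec>", or bare "<usec>" when under
# one second, then the matching rule, action, direction, interface, endpoints.
PFLOG_RE = re.compile(
    r"^(?:(?P<sec>\d+)\.\s+)?(?P<usec>\d{6})\s+"
    r"rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>[^)]+)\):\s+"
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\w+):\s+(?P<src>\S+) > (?P<dst>\S+?):")

def strip_port(endpoint):
    # tcpdump appends ".<port>" once it decoded the transport header; the
    # "[|tcp]" lines above were truncated before that, so they carry none.
    parts = endpoint.split(".")
    return ".".join(parts[:4]) if len(parts) == 5 else endpoint

def parse_pflog(lines):
    """Yield one record per pflog line; deltas summed into microseconds from the first packet."""
    clock_us = 0
    for line in lines:
        m = PFLOG_RE.match(line.strip())
        if not m:  # not a pflog record (tcpdump banner, blank line, ...)
            continue
        clock_us += int(m["sec"] or 0) * 1_000_000 + int(m["usec"])
        yield {"t_us": clock_us, "rule": int(m["rule"]), "action": m["action"],
               "dir": m["dir"], "ifname": m["ifname"],
               "src": strip_port(m["src"]), "dst": strip_port(m["dst"])}

def summarize(lines):
    """Blocked packets per (rule, source) and the span covered: what you line up against the transfer window."""
    events = list(parse_pflog(lines))
    blocked = [e for e in events if e["action"] == "block"]
    span_us = events[-1]["t_us"] - events[0]["t_us"] if events else 0
    return {"events": len(events), "blocked": len(blocked), "span_us": span_us,
            "per_src": dict(Counter((e["rule"], e["src"]) for e in blocked))}

# Four lines copied from the message plus one constructed line with decoded ports.
SAMPLE = """\
000000 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
507955 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
41. 432770 rule 0/0(match): block in on fxp0: 82.235.85.225 > 82.235.12.223: [|tcp]
2. 251236 rule 0/0(match): block in on fxp0: 82.235.228.221 > 82.235.12.223: [|tcp]
12. 352415 rule 0/0(match): block in on fxp0: 82.235.245.158.1234 > 82.235.12.223.22: S 1:1(0) win 65535
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Feed it the saved pflog0 capture and compare span_us and the per-source counts with the time and destination of the slow transfer; a handful of rule-0 blocks spread over a minute, as in the message, is not the kind of volume that would throttle a link.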