Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Aug 2007 17:13:38 +0200
From:      Patrick Proniewski <patpro@patpro.net>
To:        "Greg Hennessy" <Greg.Hennessy@nviz.net>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: strange "throttling" issue with pf on xDSL connection
Message-ID:  <569F9080-B78F-400B-B3C5-FCA05F04BF80@patpro.net>
In-Reply-To: <001101c7d441$0f61aa10$2e24fe30$@Hennessy@nviz.net>
References:  <DE71F511-8553-401A-A16C-DF4CAA5DA6E3@patpro.net> <001101c7d441$0f61aa10$2e24fe30$@Hennessy@nviz.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 01 ao=FBt 2007, at 15:37, Greg Hennessy wrote:

> Posting a copy of your pf.conf

here we go :

# macros
int_if =3D "em0"
int_if_sec =3D "em1"
ext_if =3D "fxp0"
wif_if =3D "ath0"

tcp_services =3D "{ 22, 113, 80, 443, 25, 53, 554 }"
udp_services =3D "{ 53 }"
admin_tcp_services =3D "{ 311, 625, 5900, 5988 }"
admin_udp_services =3D "{ 3283 }"

icmp_types =3D "echoreq"

priv_nets =3D "{ 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }"

table <admin_nets> persist { --few IPs-- }
table <friends> persist { --few IPs-- }
table <spammers> persist file "/etc/pf.liste_ip_spamer"
table <sshscan> persist file "/etc/pf.liste_ip_ssh_scan"
table <webspam> persist file "/etc/pf.liste_ip_webspam"
table <openarena> persist { --few IPs-- }

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $int_if_sec:network to any -> ($ext_if)

# filter rules
block log all
block in log quick proto tcp from <spammers> to any port smtp
block in log quick proto tcp from <sshscan> to any port ssh
block in log quick proto tcp from <webspam> to any port http

pass quick on lo0 all

block drop in  log quick on $ext_if from $priv_nets to any
block drop out log quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) port =20
$tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port =20
$udp_services keep state

##### admin
pass in log on $ext_if inet proto tcp from { <admin_nets>, =20
<friends> } to { ($ext_if), 192.168.0.2 } port $admin_tcp_services =20
flags S/SA keep state
pass in log on $ext_if inet proto udp from { <admin_nets>, =20
<friends> } to { ($ext_if), 192.168.0.2 } port $admin_udp_services =20
keep state
##### OpenArena
pass in on $ext_if inet proto tcp from <openarena> to ($ext_if) port =20
56789 flags S/SA keep state
pass in on $ext_if inet proto udp from <openarena> to ($ext_if) port =20
56789 keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass in  on $int_if_sec from $int_if_sec:network to any keep state
pass out on $int_if_sec from any to $int_if_sec:network keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state


> and trawling the logs for drops around the
> same time as the transfers are underway would be useful.

Absolutely nothing interesting out of `tcpdump -n -e -ttt -i pflog0`
Only a bunch of blocks for rule "0":

000000 rule 0/0(match): block in on fxp0: 82.235.245.158 > =20
82.235.12.223: [|tcp]
507955 rule 0/0(match): block in on fxp0: 82.235.245.158 > =20
82.235.12.223: [|tcp]
689510 rule 0/0(match): block in on fxp0: 82.235.245.158 > =20
82.235.12.223: [|tcp]
41. 432770 rule 0/0(match): block in on fxp0: 82.235.85.225 > =20
82.235.12.223: [|tcp]
584629 rule 0/0(match): block in on fxp0: 82.235.85.225 > =20
82.235.12.223: [|tcp]
2. 251236 rule 0/0(match): block in on fxp0: 82.235.228.221 > =20
82.235.12.223: [|tcp]
506420 rule 0/0(match): block in on fxp0: 82.235.225.106 > =20
82.235.12.223: [|tcp]
5. 288575 rule 0/0(match): block in on fxp0: 82.235.225.106 > =20
82.235.12.223: [|tcp]
12. 352415 rule 0/0(match): block in on fxp0: 82.235.245.158 > =20
82.235.12.223: [|tcp]


I've found this in /var/log/debug.log:

../..
Aug  1 14:00:01 boleskine pflogd[410]: [priv]: msg PRIV_OPEN_LOG =20
received
Aug  1 16:00:02 boleskine pflogd[410]: [priv]: msg PRIV_OPEN_LOG =20
received
../..

But I believe it's not related to my problem at all.


regards,
patpro

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?569F9080-B78F-400B-B3C5-FCA05F04BF80>