Date: Sat, 18 Jun 2005 07:43:47 +0900
From: horio shoichi <bugsgrief@bugsgrief.net>
To: freebsd-questions@freebsd.org
Subject: Re: Vexing IPF problem
Message-ID: <20050617.224350.942a642fdeb4ea08.10.0.3.20@bugsgrief.net>
In-Reply-To: <20050617151245.75132.qmail@web33103.mail.mud.yahoo.com>
References: <20050617151245.75132.qmail@web33103.mail.mud.yahoo.com>
On Fri, 17 Jun 2005 08:12:45 -0700 (PDT) DH <dhutch9999@yahoo.com> wrote:

> I'm having a problem with IPF blocking packets that it appears should be let through.
>
> I've spent quite a bit of time going through the Handbook, man pages, etc. & I must be missing something, so any help is greatly appreciated.
>
> uname -a: freebsd 4.11-release #0
>
> SMP kernel, dual PIII processor, 512 MB ECC RAM, SCSI HDs
>
> Excerpt from rule set:
>
> Kernel compiled with "default allow" until I finish getting the ruleset rewritten.
>
> Rule #1
> block in log from any to any
>
> pass in quick on lo0
> pass out quick on lo0
>
> block in log quick on fxp0 from any to any with ipopts
> block in log quick proto tcp from any to any with short
> ...
> pass in log first proto tcp from any to any port = 80 flags S keep state
> pass in log first proto tcp from any port = 80 to any flags S keep state
> pass out log first proto tcp from any to any port = 80 flags S keep state
>
> netstat -m = 129/576/16384
> 9% of mb_map in use
>
> Proxy Server - Squid 2.5.stable10
>
> The behavior I'm seeing is that outgoing connections to websites on port 80 are being passed
> but the inbound traffic is being blocked. The ipflog entries look like this:
>
> my ip = s, theirs = d
>
> @0:390 p s.s.s.s,3601 -> d.d.d.d,80 PR tcp len 20 60 -S K-S OUT
>
> @0:1 b d.d.d.d,80 -> s.s.s.s,3601 PR tcp len 20 43 -AR IN
>
> Thanks in advance to those giving their time to lend a hand, I know your time is valuable.
>
> Please CC my address in your reply.
>
> David Hutchens III
> Network Technician

Any reason you avoid 'quick' keywords in rules around 390?

Also, from my vague memory 'first' should not be necessary with 'quick'.

horio shoichi
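The reply's suggestion, written out as an added example (this is not the poster's full ruleset and not from the reply itself): the excerpt from the question with `quick` on the HTTP pass rules. Without `quick`, IPF evaluates every rule in order and the last matching rule decides; with `quick`, evaluation stops at the first rule that matches. One point of ipf.conf(5) syntax worth knowing when reading the original rules: `first` is a modifier of `log`, meaning "log only the first packet of a stateful session", so it is independent of `quick` and can be kept or dropped without changing which packets are passed. Whether this rewrite changes the particular inbound RST/ACK that the poster's log attributes to rule 1 is not settled by the thread; the block only shows the syntax. Interface names and port numbers are the poster's; the comments are assumptions about what each rule is for.

```ipf
# Added example: the poster's excerpt with 'quick' on the stateful HTTP rules.
# IPF semantics: last matching rule wins, unless a matching rule carries
# 'quick', which ends evaluation for that packet right there.

# Rule 1 (logged as @0:1 in the poster's output): catch-all that logs and
# blocks anything no later rule overrides.
block in log from any to any

pass in quick on lo0
pass out quick on lo0

# Sanity checks; these already carried 'quick' in the original excerpt.
block in log quick on fxp0 from any to any with ipopts
block in log quick proto tcp from any to any with short

# ... other rules as in the poster's ruleset ...

# Stateful HTTP rules (the outbound one is logged as @0:390 by the poster).
# 'log first': log only the first packet of each stateful session.
# 'quick':     stop here on a match, so no later non-quick rule can override.
# 'flags S':   match only the initial SYN; 'keep state' then lets the rest of
#              the session through on state, not on rule matching.
pass in  log first quick proto tcp from any to any port = 80 flags S keep state
pass in  log first quick proto tcp from any port = 80 to any flags S keep state
pass out log first quick proto tcp from any to any port = 80 flags S keep state
```

To map the `@0:390` and `@0:1` tags in the ipflog lines back to rules, list the loaded ruleset with rule numbers using `ipfstat -nio` (input and output rules, numbered); the number after the colon is the rule's position in group 0 as the kernel has it, which may differ from the position in the file if the ruleset on disk has changed since it was loaded.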