Date:      Mon, 22 Apr 2002 00:00:17 +0200
From:      Axel Scheepers <axel@axel.truedestiny.net>
To:        questions@freebsd.org
Subject:   Funny ipnat ipf problem
Message-ID:  <20020422000016.I82499@mars.thuis>

Hi All,

After being up for about 6 months, happily filtering, my ipf/ipnat setup suddenly
did weird things. After I reloaded my ruleset, it seemed that the order
in which packets get past these programs was switched.

A very simple test setup was this:

ipf.rules:
    block in log on ed2
    pass out on ed2 from any to any flags S keep state
    pass in on ed2 from any to any port = 80 flags S keep state

ipnat.rules:
    map ed2 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp
    map ed2 192.168.0.0/16 -> 0/32 portmap tcp/udp auto
    map ed2 192.168.0.0/16 -> 0/32
    rdr ed2 0.0.0.0/0 port 22 -> 192.168.0.5 port 80

which flooded my logs with denied packets to 192.168.x.x.
I tried to flush and reload my original nat and ipf ruleset, but still got this
odd behavior. After a reboot, the machine was back in shape. I'm curious:
what happened?
The logs don't show anything strange, except for the sudden appearance of 
blocked packets to 192.168.x.x.

Gr,
-- 
Axel Scheepers
UNIX System Administrator

email: axel@axel.truedestiny.net
       a.scheepers@iae.nl
http://axel.truedestiny.net/~axel
------------------------------------------
Don't get suckered in by the comments -- they can be terribly
misleading.  Debug only code.
		-- Dave Storer
------------------------------------------
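
The question above turns on the order in which IPFilter applies NAT and filtering. The documented order is: for inbound packets, ipnat (including `rdr`) rewrites the packet before the ipf `in` rules see it; for outbound packets, the ipf `out` rules run before ipnat `map` rewrites the source. One practical consequence is that an inbound `pass`/`block` rule for a redirected service has to be written against the internal address and port (which is why the `pass in ... port = 80` rule, not a port 22 rule, is what lets the redirected connections through), and that the ipf log records the post-`rdr` destination for such packets. The model below is an added example, not code from the post, that encodes only the `rdr` rule and the two inbound ipf rules from the message and runs a few constructed packets through them in the documented order. It assumes `198.51.100.1` as the address of `ed2` (not given in the post), treats every sample as a new SYN, and ignores `keep state`; it does not claim to reproduce whatever went wrong on the poster's box.

```python
from __future__ import annotations
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


# Constructed from the post's ipnat.rules. Only the rdr rule touches
# inbound traffic; the map rules rewrite the source of outbound packets.
#   rdr ed2 0.0.0.0/0 port 22 -> 192.168.0.5 port 80
RDR_RULES = [{"port": 22, "to": "192.168.0.5", "to_port": 80}]

# Constructed from the post's ipf.rules, inbound direction only:
#   block in log on ed2
#   pass in on ed2 from any to any port = 80 flags S keep state
# Without 'quick', ipf uses last-match-wins, so list order matters.
IPF_IN_RULES = [
    {"action": "block", "log": True, "port": None},   # port None = any port
    {"action": "pass", "log": False, "port": 80},
]


def apply_rdr(pkt: Packet) -> Packet:
    """ipnat rdr: rewrite destination address/port of a matching inbound packet."""
    for rule in RDR_RULES:
        if pkt.dport == rule["port"]:
            return replace(pkt, dst=rule["to"], dport=rule["to_port"])
    return pkt


def apply_ipf_in(pkt: Packet) -> tuple[str, bool]:
    """ipf 'in' rules: the last matching rule decides. Returns (action, log?)."""
    action, log = "pass", False   # ipf's default when no rule matches
    for rule in IPF_IN_RULES:
        if rule["port"] is None or rule["port"] == pkt.dport:
            action, log = rule["action"], rule["log"]
    return action, log


def inbound(pkt: Packet) -> tuple[str, Packet | None]:
    """IPFilter inbound order: NAT (rdr) first, then the filter.

    Returns the verdict and the packet as it would appear in the ipf log,
    i.e. after rewriting, or None when the deciding rule has no 'log'.
    """
    rewritten = apply_rdr(pkt)
    action, log = apply_ipf_in(rewritten)
    return action, (rewritten if log else None)


def run_samples() -> dict[str, tuple[str, str | None]]:
    """Run constructed inbound packets against the external interface.

    198.51.100.1 stands in for the ed2 address (an assumption; the post
    does not give it). Source 203.0.113.7 is likewise made up.
    """
    samples = {
        "ssh-port-to-firewall": Packet("203.0.113.7", "198.51.100.1", 22),
        "http-to-firewall":     Packet("203.0.113.7", "198.51.100.1", 80),
        "smtp-to-firewall":     Packet("203.0.113.7", "198.51.100.1", 25),
    }
    results: dict[str, tuple[str, str | None]] = {}
    for name, pkt in samples.items():
        action, logged = inbound(pkt)
        results[name] = (action, f"{logged.dst}:{logged.dport}" if logged else None)
    return results


if __name__ == "__main__":
    for name, (action, logged) in run_samples().items():
        print(f"{name:24} {action:5} log={logged}")
```

Running it shows the packet to port 22 reaching the filter as `192.168.0.5:80` and being passed by the port 80 rule, while a packet to port 25 is blocked and logged with its original external destination. Note also that the port 80 `pass in` rule admits port 80 traffic to the firewall itself, not only the redirected traffic; if that is not intended, the rule should name `192.168.0.5` as its destination.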
