Date:      Thu, 04 Aug 2005 18:48:23 +0100
From:      Rod <rod@supanet.net.uk>
To:        freebsd-pf@freebsd.org
Subject:   PF, SSH closed by remote host
Message-ID:  <1123177703.24009.29.camel@torgau.office.netline.net.uk>

Hi,

I was wondering if anyone has come across this before.

I'm running FreeBSD 5.4-RELEASE running PF from rc.conf. I ssh into this
box as a non-root user then su. On doing a ps -auwx I instantly get
disconnected with Connection to 192.168.2.3 closed by remote host.
Connection to 192.168.2.3 closed.

If I disable PF everything is fine (pfctl -d).

e.g. :

lfs2# ps -auwx
USER        PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root         11 99.0  0.0     0     8  ??  RL    4:48PM 152:49.91 [idle]
root          0  0.0  0.0     0     0  ??  DLs   4:48PM   0:00.01 [swapper]Connection to 192.168.2.3 closed by remote host.
Connection to 192.168.2.3 closed.

rc.conf :

# Packet Filtering
pf_enable="YES"                 # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl startup
pflog_enable="YES"              # start pflogd(8)
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""                  # additional flags for pflogd startup

This is my pf.conf :

ext_if="em0"
external_addr="192.168.2.3"
box_admins = "{192.168.2.8 192.168.2.9 192.168.20 192.168.45}"

set fingerprints "/etc/pf.os"
set block-policy drop
scrub in all
block in all
block out all
block in log all

#Allow Admins
pass in on $ext_if from $box_admins to any


#icmp, ping etc
pass in on $ext_if proto icmp all

#allow outbound and keep states
pass out on $ext_if proto { tcp, udp, icmp } all keep state

Have tried lists, Google and multiple different variations of the above
pf.conf but it's still happening. Any suggestions?









Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1123177703.24009.29.camel>