Date: Mon, 27 Feb 2006 18:48:58 +0500
From: "Roman Serbski" <mefystofel@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Help with IP Filter 4.1.8
Message-ID: <cca5083b0602270548s4147d332v5df89fdb9a0b7ccd@mail.gmail.com>
In-Reply-To: <4402232A.8010908@locolomo.org>
References: <cca5083b0602260715w2f4a9e49o494f2f537afca2db@mail.gmail.com> <4402232A.8010908@locolomo.org>
On 2/27/06, Erik Nørgaard <norgaard@locolomo.org> wrote:
> Could you change your last rule to this:
>
> block in log quick on xl0 all
>
> and then tell what you see in the log. This would give some information
> if any traffic is blocked in the first place. Actually, adding the log
> keyword to all rules for the xl0 interface might be a good idea for
> debugging.
>
> Also, is this the complete ruleset or did you remove rules you thought
> were irrelevant? If so, then post the whole ruleset.

Thank you. I removed 'flags' as it was suggested by Giorgos Keramidas, but it
didn't help. This is not the complete ruleset; I mean there are a lot of other
rules, but I removed everything to be sure and left only outgoing 53/udp and
53/tcp. Once again, I checked this ruleset on 5.3-STABLE with ipf v3.4.35 (336)
and it worked well.

Adding the 'log' keyword produced the following record:

xl0 @0:2 b XXX.XXX.XXX.XXX,53 -> YYY.YYY.YYY.YYY,60808 PR udp len 20 298 IN bad

where XXX is the IP address of the ISP's DNS server, and YYY is the server I'm
running ipf on. There was a hit on a rule allowing outgoing 53/udp, and it seems
like the response from the DNS server was blocked. The outgoing port number used
by YYY is always changing - on a second run it was 51212. Of course I can allow
incoming connections to ports > 1024, but I really would like to understand why
it was working with ipf v3.4.35 and not with v4.1.8.

Once again, thank you all for your help.
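The ipmon record quoted in the message is the kind of line a defender has to read when triaging blocked traffic. As an added example that is not from the thread or from IP Filter itself, the following Python parses records of that shape and calls out the two things that matter here: a reply from port 53 arriving on an ephemeral port, and the trailing `bad` marker. The sample lines and their RFC 5737 addresses are constructed; the assumed layout is the one shown in the message, with ipmon's usual timestamp prefix tolerated if present.

```python
import re
from typing import Optional

# Shape of an ipmon(8) packet record as quoted in the thread (ipmon's usual
# timestamp prefix, if present, is skipped because search() is used):
#   <if> @<group>:<rule> <action> <src>,<sport> -> <dst>,<dport> PR <proto> len <hlen> <plen> <IN|OUT> [flags]
IPMON_RE = re.compile(
    r"(?P<ifname>\w+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+(?P<dst>[^,\s]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\w+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s+(?P<direction>IN|OUT)"
    r"(?P<flags>(?:\s+\S+)*)\s*$"
)

def parse_ipmon(line: str) -> Optional[dict]:
    """Parse one ipmon line into a dict; return None for non-packet lines."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("group", "rule", "sport", "dport", "hlen", "plen"):
        rec[key] = int(rec[key])
    rec["proto"] = rec["proto"].lower()
    rec["flags"] = rec["flags"].split()   # e.g. ['bad']; [] when no flags are printed
    return rec

def summarize(rec: dict) -> str:
    """Defender's one-line reading: which rule fired, whether the packet looks
    like a DNS reply to an ephemeral port, and whether ipf flagged it 'bad'."""
    verdict = {"b": "blocked", "p": "passed"}.get(rec["action"], "action=" + rec["action"])
    notes = []
    if rec["direction"] == "IN" and rec["proto"] == "udp" and rec["sport"] == 53:
        notes.append(f"DNS reply to ephemeral port {rec['dport']}")
    if "bad" in rec["flags"]:
        notes.append("flagged bad by ipf")
    tail = f" ({'; '.join(notes)})" if notes else ""
    return (f"{rec['ifname']} @{rec['group']}:{rec['rule']} {verdict} {rec['proto']} "
            f"{rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']} {rec['direction']}{tail}")

# Constructed sample records (RFC 5737 documentation addresses), not from the thread:
# the query leaving on an ephemeral port, then the reply being blocked and marked bad.
SAMPLE_LOG = [
    "xl0 @0:1 p 198.51.100.7,60808 -> 192.0.2.53,53 PR udp len 20 62 OUT",
    "xl0 @0:2 b 192.0.2.53,53 -> 198.51.100.7,60808 PR udp len 20 298 IN bad",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_ipmon(line)
        print(summarize(rec) if rec else "unparsed: " + line)
```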