From owner-freebsd-pf@FreeBSD.ORG Sun Aug 28 15:00:08 2011
Date: Sun, 28 Aug 2011 09:49:17 -0500
To: freebsd-pf@freebsd.org
From: norhanid tongkol
Subject: Check out this photo on MyDailyFlog!
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

Hi!

I would like to invite you to visit MyDailyFlog and see my latest photos.

Check out:
http://www.mydailyflog.com/go/invite_register/norhanidt/80369694&stc=16

Cheers!
norhanid tongkol

========================================
Got a digital camera? MyDailyFlog is a personal photo-blogging space where you can easily post your latest and greatest photos, and share them with your friends and family. Create your own DailyFlog at www.MyDailyFlog.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unsubscribe: to opt out of further invitations from your friends to see their DailyFlogs, please click below:
http://www.mydailyflog.com/un/freebsd-pf@freebsd.org&md5=ee4ddac8401481de&bl=16

Please do not reply directly to this email. Questions? Contact us - http://www.mydailyflog.com/go/contact_us

MyDailyFlog, Refriendz Ltd. PO BOX 1184, Luton, Bedfordshire, LU1 9AT.

From owner-freebsd-pf@FreeBSD.ORG Mon Aug 29 11:07:14 2011
Date: Mon, 29 Aug 2011 11:07:13 GMT
Message-Id: <201108291107.p7TB7D1Q089350@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/159390  pf         [pf] [panic] mutex pf task mtx owned at /usr/src/sys/c
o kern/159029  pf         [pf] [panic] m_copym, offset > size of mbuf chain when
o kern/158873  pf         [pf] [panic] When I launch pf daemon, I have a kernel
o kern/158636  pf         [pf] if_pfsync.c fails to build when NBPFILTER == 0
o kern/155736  pf         [pf] [altq] borrow from parent queue does not work wit
o kern/153307  pf         [pf] Bug with PF firewall
o kern/148290  pf         [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf         [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf         [pf] Firewall PF no longer drops connections by sendin
o kern/146832  pf         [pf] "(self)" not always matching all local IPv6 addre
o kern/143543  pf         [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf         [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf         [pf] No way to adjust pidfile in pflogd
o conf/142817  pf         [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf         [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf         [pf] pf behaviour changes - must be documented
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
f kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

50 problems total.

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 1 02:42:25 2011
From: "Jonathan A. Gomez"
To: "freebsd-pf@freebsd.org"
Date: Thu, 1 Sep 2011 10:31:27 +0800
References: <602e809b-4490-429e-bcfc-b79bdc2d2dc1@spexcasht01.shi.com>
In-Reply-To: <602e809b-4490-429e-bcfc-b79bdc2d2dc1@spexcasht01.shi.com>
Subject: RE: Jagomez@splashcorp.com

jon
________________________________________
From: freebsd-pf@freebsd.org [freebsd-pf@freebsd.org]
Sent: Thursday, September 01, 2011 8:46 AM
To: Jonathan A. Gomez
Subject: Jagomez@splashcorp.com

The original message was received at Thu, 1 Sep 2011 08:46:20 +0800 from [98.60.73.207]

----- The following addresses had permanent fatal errors -----

----- Transcript of the session follows -----
...
while talking to server splashcorp.com.:
554 5.0.0 Service unavailable; [216.99.166.64] blocked using relays.osirusoft.com
Session aborted

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 1 17:24:47 2011
Date: Thu, 1 Sep 2011 17:24:46 GMT
Message-Id: <201109011724.p81HOk8h054092@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/160370: [pf] Incorrect pfctl check of pf.conf

Old Synopsis: Incorrect pfctl check of pf.conf
New Synopsis: [pf] Incorrect pfctl check of pf.conf

Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: linimon
Responsible-Changed-When: Thu Sep 1 17:23:59 UTC 2011
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=160370

From owner-freebsd-pf@FreeBSD.ORG Fri Sep 2 10:58:16 2011
Date: Fri, 2 Sep 2011 13:26:43 +0300
From: Victor Nagoryanskii
To: freebsd-pf@freebsd.org
Subject: pf port redirection wierd behavior

Hello!

I've noticed weird behavior of pf port redirection. I have a FreeBSD 8.2 box which NATs my lan. There are some http/mail servers present in the lan; tcp port redirection works fine, but udp redirection to my H323 enabled device is strange.
When I am initialising a call, the reply udp packets are successfully redirected to my h323 device, but if a call is initialised from outside to me, redirection just does not work (I can't hear the remote peer). I see udp packets hit my ext_if, but nothing appears on lan_if.

pf.conf

nat pass on $inet_if from $lan_net to any -> $inet_if
rdr pass on $inet_if proto tcp from any to $inet_ip port {25,80} -> 10.0.0.2 # Work fine
rdr pass on $inet_if proto tcp from any to $inet_ip port 1720 -> 10.0.0.4 # Work fine
rdr pass on $inet_if proto udp from any to $inet_ip port 2048:2063 -> 10.0.0.4 # Work only if I initialising call
pass all

Also, I tried to adjust the udp session timers:

set timeout udp.first 300
set timeout udp.single 150
set timeout udp.multiple 900

Is this a pf bug, or have I misconfigured something in pf.conf?

From owner-freebsd-pf@FreeBSD.ORG Fri Sep 2 12:50:10 2011
Date: Fri, 2 Sep 2011 12:50:10 GMT
Message-Id: <201109021250.p82CoAfd063174@freefall.freebsd.org>
To: freebsd-pf@FreeBSD.org
From: Patrick Lamaiziere
Subject: Re: misc/160370: Incorrect pfctl check of pf.conf

The following reply was made to PR kern/160370; it has been noted by GNATS.

From: Patrick Lamaiziere
To: bug-followup@FreeBSD.org
Subject: Re: misc/160370: Incorrect pfctl check of pf.conf
Date: Fri, 2 Sep 2011 14:23:55 +0200

On Thu, 1 Sep 2011 17:14:54 GMT, Vitalic wrote:

Hi,

> >Description:
> I am using FreeBSD as firewall and router for LAN. Inet works via NAT.
> Here is the small part (macros) of my pf.conf:
>
> ext_if=tun0
> int_if="bridge0"
> ......
> and so on
> ......
>
> With pfctl -n -f /etc/pf.conf no errors occur (but exactly should).
> pfctl -sr and pfctl -sn shows loaded nat and firewall rules, but Inet
> (via NAT) no working for LAN.

It would be nice to have all the ruleset (pf.conf) and the output of
pfctl while loading the rules (pfctl -vvvvv -n -f )

Thanks, regards.