From owner-freebsd-pf@FreeBSD.ORG Mon Jun 23 11:06:59 2008
Date: Mon, 23 Jun 2008 11:06:58 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Current FreeBSD problem reports

Critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables

1 problem total.

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/82271   pf         [pf] cbq scheduler cause bad latency
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge

5 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/93825   pf         [pf] pf reply-to doesn't work
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/114567  pf         [pf] LOR pf_ioctl.c + if.c
o kern/118355  pf         [pf] [patch] pfctl help message options order false -t
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o kern/121704  pf         [pf] PF mangles loopback packets
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to

9 problems total.

From owner-freebsd-pf@FreeBSD.ORG Mon Jun 23 16:17:38 2008
Date: Mon, 23 Jun 2008 10:50:47 -0500
From: Miguel Alcántara
To: freebsd-pf@freebsd.org
Subject: PF and SQUID

Hi everybody, I'm having a problem for a week. I have to setup PF + SQUID in
a P2 machine, with 128RAM and 6GB hard disk and just one nic. I virtualized
an interface with an ip 192.168.1.80 and it has squid, the nic has
192.168.1.60 and all the lan is 192.168.1.0/24.

My problem is that I can't browse some sites that must be permitted.

pf.conf

#rules for firewall
ext_nic = "dc0"
yo = "192.168.1.0/24"

table <dns_cautivo> {208.67.220.220, 208.67.222.222}
#SQUID CONFIGURATION
rdr pass on $ext_nic inet proto tcp from $yo to any port www ->
192.168.1.80port 3128
nat on $ext_nic from $yo to any -> ($ext_nic)
#FILTER
block all
#pass in on $ext_nic from $yo
pass out on $ext_nic from any to <dns_cautivo>

squid.conf

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
#/////////
acl special_client src 192.168.1.0/24
#acl lista_permitidos url_regex "/usr/local/etc/squid/free.squid"

#acl special_url url_regex ucci
acl hotmail dstdomain .hotmail.com
acl mail dstdomain .blu134.mail.live.com
acl mailhot dstdom_regex -i mail
acl hotmail_mail dstdomain .hotmail.msn.com
acl passport dstdomain .passport.net
acl msn dstdomain .msn.com
acl ie6 browser MSIE[[:space:]]6
acl permitidos url_regex "/usr/local/etc/squid/free.squid"
acl palabra urlpath_regex -i login.srt
acl numconn maxconn 80
acl browse_hotmail url_regex www.hotmail.com
acl browse_ulima url_regex www.ulima.edu.pe
acl browse_yahoo url_regex www.yahoo.com

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
##http_access allow special_client lista_permitidos
##http_access allow special_client hotmail
##http_access allow special_client mailhot
##http_access allow special_client mail
#http_access deny special_url
#http_access allow special_client

http_access allow special_client permitidos
http_access allow special_client hotmail
http_access allow special_client mail
http_access allow special_client mailhot
http_access allow special_client Safe_ports
http_access allow special_client hotmail_mail
http_access allow special_client palabra
http_access allow special_client browse_hotmail
http_access allow special_client browse_ulima
http_access allow special_client browse_yahoo
#http_access allow special_client special_url
http_access deny all


Well, it doesn't work, when I try to surf in any domain name listed above in
squid, squid sends me a message:

ERROR The requested URL could not be retrieved
------------------------------

While trying to retrieve the URL: http://www.yahoo.com/

The following error was encountered:

 - * Connection to Failed *

The system returned:

 * (1) Operation not permitted*

The remote host or network may be down. Please try the request again.

Your cache administrator is webmaster.
------------------------------
Generated Thu, 27 Dec 2007 13:12:36 GMT by pf (squid/2.6.STABLE16)


Then in logs from squid I can see a 503 error TCP_MISS.

I use FBSD 7 and SQUID 2.6, obviously with PF. Ah!, squid was compiled with
pf abilities or something like that.

Plz, what am I doing wrong?


-- 
Atte.

Miguel Alcántara A.

From owner-freebsd-pf@FreeBSD.ORG Mon Jun 23 20:03:00 2008
Date: Mon, 23 Jun 2008 12:36:13 -0700 (PDT)
From: Tommy Pham
Reply-To: tommyhp2@yahoo.com
To: freebsd-pf@freebsd.org, Miguel Alcántara
Subject: Re: PF and SQUID

--- On Mon, 6/23/08, Miguel Alcántara wrote:

> From: Miguel Alcántara
> Subject: PF and SQUID
> To: freebsd-pf@freebsd.org
> Date: Monday, June 23, 2008, 11:50 AM
> Hi everybody, I'm having a problem for a week. I have to setup PF + SQUID in
> a P2 machine, with 128RAM and 6GB hard disk and just one nic. I virtualized
> an interface with an ip 192.168.1.80 and it has squid, the nic has
> 192.168.1.60 and all the lan is 192.168.1.0/24.
>
> My problem is that I can't browse some sites that must be permitted.
>
> pf.conf
>
> #rules for firewall
> ext_nic = "dc0"
> yo = "192.168.1.0/24"
>
> table <dns_cautivo> {208.67.220.220, 208.67.222.222}
> #SQUID CONFIGURATION
> rdr pass on $ext_nic inet proto tcp from $yo to any port www ->
> 192.168.1.80port 3128

I don't know if the missing space between the IP address and "port" is a typo or not in the email but if it's copy and paste from your conf file, that may be your problem.

~Tommy

> nat on $ext_nic from $yo to any -> ($ext_nic)
> #FILTER
> block all
> #pass in on $ext_nic from $yo
> pass out on $ext_nic from any to <dns_cautivo>
>
> squid.conf
>
> #Recommended minimum configuration:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> #/////////
> acl special_client src 192.168.1.0/24
> #acl lista_permitidos url_regex "/usr/local/etc/squid/free.squid"
>
> #acl special_url url_regex ucci
> acl hotmail dstdomain .hotmail.com
> acl mail dstdomain .blu134.mail.live.com
> acl mailhot dstdom_regex -i mail
> acl hotmail_mail dstdomain .hotmail.msn.com
> acl passport dstdomain .passport.net
> acl msn dstdomain .msn.com
> acl ie6 browser MSIE[[:space:]]6
> acl permitidos url_regex "/usr/local/etc/squid/free.squid"
> acl palabra urlpath_regex -i login.srt
> acl numconn maxconn 80
> acl browse_hotmail url_regex www.hotmail.com
> acl browse_ulima url_regex www.ulima.edu.pe
> acl browse_yahoo url_regex www.yahoo.com
>
> http_access allow manager localhost
> http_access deny manager
> # Deny requests to unknown ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
> ##http_access allow special_client lista_permitidos
> ##http_access allow special_client hotmail
> ##http_access allow special_client mailhot
> ##http_access allow special_client mail
> #http_access deny special_url
> #http_access allow special_client
>
> http_access allow special_client permitidos
> http_access allow special_client hotmail
> http_access allow special_client mail
> http_access allow special_client mailhot
> http_access allow special_client Safe_ports
> http_access allow special_client hotmail_mail
> http_access allow special_client palabra
> http_access allow special_client browse_hotmail
> http_access allow special_client browse_ulima
> http_access allow special_client browse_yahoo
> #http_access allow special_client special_url
> http_access deny all
>
>
> Well, it doesn't work, when I try to surf in any domain name listed above in
> squid, squid sends me a message:
>
> ERROR The requested URL could not be retrieved
> ------------------------------
>
> While trying to retrieve the URL: http://www.yahoo.com/
>
> The following error was encountered:
>
> - * Connection to Failed *
>
> The system returned:
>
> * (1) Operation not permitted*
>
> The remote host or network may be down. Please try the request again.
>
> Your cache administrator is webmaster.
> ------------------------------
> Generated Thu, 27 Dec 2007 13:12:36 GMT by pf (squid/2.6.STABLE16)
>
>
> Then in logs from squid I can see a 503 error TCP_MISS.
>
> I use FBSD 7 and SQUID 2.6, obviously with PF. Ah!, squid was compiled with
> pf abilities or something like that.
>
> Plz, what am I doing wrong?
>
>
> --
> Atte.
>
> Miguel Alcántara A.

From owner-freebsd-pf@FreeBSD.ORG Mon Jun 23 20:13:37 2008
Date: Mon, 23 Jun 2008 22:11:54 +0200
From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Subject: Re: PF and SQUID

On Monday 23 June 2008 17:50:47 Miguel Alcántara wrote:
> Hi everybody, I'm having a problem for a week. I have to setup PF +
> SQUID in a P2 machine, with 128RAM and 6GB hard disk and just one nic.
> I virtualized an interface with an ip 192.168.1.80 and it has squid,
> the nic has 192.168.1.60 and all the lan is 192.168.1.0/24.
>
> My problem is that I can't browse some sites that must be permitted.
>
> pf.conf
>
> #rules for firewall
> ext_nic = "dc0"
> yo = "192.168.1.0/24"
>
> table <dns_cautivo> {208.67.220.220, 208.67.222.222}
> #SQUID CONFIGURATION
> rdr pass on $ext_nic inet proto tcp from $yo to any port www ->
> 192.168.1.80port 3128
> nat on $ext_nic from $yo to any -> ($ext_nic)
> #FILTER
> block all
> #pass in on $ext_nic from $yo
> pass out on $ext_nic from any to <dns_cautivo>

With these rules there is no way for your squid to talk to the rest of the
world. You have to allow it *somehow*[tm] to connect to the outside.

From the above, I kind of doubt that you really understand what you are
doing - or are severely suffering from the language barrier. You might
want to try to contact a forum or usergroup in your native language.

> squid.conf

> Well, it doesn't work, when I try to surf in any domain name listed
> above in squid, squid sends me a message:
>
> ERROR The requested URL could not be retrieved
> ------------------------------
>
> While trying to retrieve the URL: http://www.yahoo.com/
>
> The following error was encountered:
>
> - * Connection to Failed *
>
> The system returned:
>
> * (1) Operation not permitted*

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Mon Jun 23 23:37:09 2008
Date: Mon, 23 Jun 2008 18:26:43 -0500
From: eculp
To: freebsd-pf@freebsd.org
Subject: Re: PF and SQUID

Quoting Miguel Alcántara:

> Hi everybody, I'm having a problem for a week. I have to setup PF + SQUID in
> a P2 machine, with 128RAM and 6GB hard disk and just one nic. I virtualized
> an interface with an ip 192.168.1.80 and it has squid, the nic has
> 192.168.1.60 and all the lan is 192.168.1.0/24.
>
> My problem is that I can't browse some sites that must be permitted.
>
> pf.conf
>
> #rules for firewall
> ext_nic = "dc0"
> yo = "192.168.1.0/24"

As Max suggested, it might be easier for Miguel in his native language
but we aren't sure which language that is but I'm going to take a shot
in Spanish and see if that helps. Apologies to the list and Miguel
can take other questions offline should he feel more comfortable in
Spanish.

Hello Miguel,

Going by your name, it may be easier to help you in Spanish. I have just
put together a basic configuration for squid and another for pf that I hope
will help you. I took them from a configuration of mine, removing whatever
has nothing to do with a basic firewall or with running squid.
I hope it helps.

http://encontacto.net/SHARE/pf.conf.BASICA.txt
http://encontacto.net/SHARE/squid.conf.BASICA.txt

I added some # comments that I hope are useful.

Good luck and regards,

ed

>
> table <dns_cautivo> {208.67.220.220, 208.67.222.222}
> #SQUID CONFIGURATION
> rdr pass on $ext_nic inet proto tcp from $yo to any port www ->
> 192.168.1.80port 3128
> nat on $ext_nic from $yo to any -> ($ext_nic)
> #FILTER
> block all
> #pass in on $ext_nic from $yo
> pass out on $ext_nic from any to <dns_cautivo>
>
> squid.conf
>
> #Recommended minimum configuration:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> #/////////
> acl special_client src 192.168.1.0/24
> #acl lista_permitidos url_regex "/usr/local/etc/squid/free.squid"
>
> #acl special_url url_regex ucci
> acl hotmail dstdomain .hotmail.com
> acl mail dstdomain .blu134.mail.live.com
> acl mailhot dstdom_regex -i mail
> acl hotmail_mail dstdomain .hotmail.msn.com
> acl passport dstdomain .passport.net
> acl msn dstdomain .msn.com
> acl ie6 browser MSIE[[:space:]]6
> acl permitidos url_regex "/usr/local/etc/squid/free.squid"
> acl palabra urlpath_regex -i login.srt
> acl numconn maxconn 80
> acl browse_hotmail url_regex www.hotmail.com
> acl browse_ulima url_regex www.ulima.edu.pe
> acl browse_yahoo url_regex www.yahoo.com
>
> http_access allow manager localhost
> http_access deny manager
> # Deny requests to unknown ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
> ##http_access allow special_client lista_permitidos
> ##http_access allow special_client hotmail
> ##http_access allow special_client mailhot
> ##http_access allow special_client mail
> #http_access deny special_url
> #http_access allow special_client
>
> http_access allow special_client permitidos
> http_access allow special_client hotmail
> http_access allow special_client mail
> http_access allow special_client mailhot
> http_access allow special_client Safe_ports
> http_access allow special_client hotmail_mail
> http_access allow special_client palabra
> http_access allow special_client browse_hotmail
> http_access allow special_client browse_ulima
> http_access allow special_client browse_yahoo
> #http_access allow special_client special_url
> http_access deny all
>
>
> Well, it doesn't work, when I try to surf in any domain name listed above in
> squid, squid sends me a message:
>
> ERROR The requested URL could not be retrieved
> ------------------------------
>
> While trying to retrieve the URL: http://www.yahoo.com/
>
> The following error was encountered:
>
> - * Connection to Failed *
>
> The system returned:
>
> * (1) Operation not permitted*
>
> The remote host or network may be down. Please try the request again.
>
> Your cache administrator is webmaster.
> ------------------------------
> Generated Thu, 27 Dec 2007 13:12:36 GMT by pf (squid/2.6.STABLE16)
>
>
> Then in logs from squid I can see a 503 error TCP_MISS.
>
> I use FBSD 7 and SQUID 2.6, obviously with PF. Ah!, squid was compiled with
> pf abilities or something like that.
>
> Plz, what am I doing wrong?
>
>
> --
> Atte.
>
> Miguel Alcántara A.

From owner-freebsd-pf@FreeBSD.ORG Tue Jun 24 06:11:26 2008
Date: Mon, 23 Jun 2008 22:17:31 -0700
From: "Jason C. Wells"
To: freebsd-pf@freebsd.org
Subject: PF with ftp-proxy

I am running pf with ftp-proxy and nat on 6.3-RELEASE. I am using the
docs on the openbsd faq. The fine manual is not serving me well this
evening.

When attempting ftp connections firefox reports a variety of errors like
"Bad IP" or "Passive connection must come from same host as control
connection."

From inetd.conf:

ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -t 180 -a 127.0.0.1

From pf.conf:

**snip**
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from any to any port ftp -> $localhost
**snip**
port ftp-proxy
pass in all
pass out all
**snip**

Inetd is spawning the ftp-proxy process when I attempt client access to
ftp.freebsd.org. This seems to be working correctly.

ftp-proxy -D is not producing any log output in /var/log/messages. How
can that be?

But even more mysteriously, as I typed this message I fired up tcpdump
to try and figure things out. I then attempted to connect to
ftp.freebsd.org and succeeded. I have changed no firewall rules during
the time that I have been writing this message. Then I did a refresh in
firefox and the ftp session failed. Double WTF? How on earth can the
firewall work one second and then not work the next?

One thing I miss in the documentation. Does ftp-proxy inject rules into
pf using the ftp-proxy anchors?

I realize my message is poorly written. I'm pretty confused right now.
I'm not really sure what to ask to figure this out. I've followed the
very simple docs. I can't imagine what I have missed.


Regards,
Jason

From owner-freebsd-pf@FreeBSD.ORG Tue Jun 24 08:47:32 2008
Message-ID: <4860AEEA.8090905@gmail.com>
Date: Tue, 24 Jun 2008 10:23:06 +0200
From: albinootje
To: "Jason C. Wells"
Cc: freebsd-pf@freebsd.org
In-Reply-To: <4860836B.4030402@highperformance.net>
Subject: Re: PF with ftp-proxy

Jason C. Wells wrote:

> But even more mysteriously, as I typed this message I fired up tcpdump
> to try and figure things out. I then attempted to connect to
> ftp.freebsd.org and succeeded. I have changed no firewall rules during
> the time that I have been writing this message. Then I did a refresh in
> firefox and the ftp session failed. Double WTF? How on earth can the
> firewall work one second and then not work the next?

i'm using the following lines in pf.conf :

rdr on $intif proto tcp from $intif:network to any port ftp -> 127.0.0.1 port 8021
pass in on $extif inet proto tcp from port ftp-data to $extif user proxy flags S/SA keep state

and this does not work in firefox (2.x), but it works fine with ncftp and gftp

From owner-freebsd-pf@FreeBSD.ORG Wed Jun 25 02:12:21 2008
Message-ID: <8e10486b0806241845h6e9151f1x1b26584dfd386ddc@mail.gmail.com>
Date: Tue, 24 Jun 2008 22:45:31 -0300
From: "Alexandre Biancalana"
To: freebsd-pf@freebsd.org
Subject: When carpdev will be committed ?

From owner-freebsd-pf@FreeBSD.ORG Wed Jun 25 05:30:32 2008
Message-Id: <200806250530.m5P5UW6m055794@freefall.freebsd.org>
Date: Wed, 25 Jun 2008 05:30:32 GMT
From: linimon@FreeBSD.org
To: lionel.fourquaux+fbsdbug@normalesup.org, linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org
Subject: Re: kern/124933: [pf] [ip6] pf does not support (drops) IPv6 fragmented packets

Old Synopsis: pf does not support (drops) IPv6 fragmented packets
New Synopsis: [pf] [ip6] pf does not support (drops) IPv6 fragmented packets

State-Changed-From-To: open->suspended
State-Changed-By: linimon
State-Changed-When: Wed Jun 25 05:28:51 UTC 2008
State-Changed-Why:
Over to maintainers; mark as suspended as it may be an upstream problem.

Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: linimon
Responsible-Changed-When: Wed Jun 25 05:28:51 UTC 2008
Responsible-Changed-Why:
http://www.freebsd.org/cgi/query-pr.cgi?pr=124933

From owner-freebsd-pf@FreeBSD.ORG Thu Jun 26 12:44:39 2008
Message-ID: <951843799.20080626164431@rcfd.spb.ru>
Date: Thu, 26 Jun 2008 16:44:31 +0400
From: Alexey Lanetskiy
Reply-To: Alexey Lanetskiy
To: freebsd-pf@freebsd.org
Subject: reply-to speed issue

Hello everybody.

Please, take a few minutes to read and answer:
http://lists.freebsd.org/pipermail/freebsd-pf/2008-June/004516.html

--
wbr, Alexey.

From owner-freebsd-pf@FreeBSD.ORG Thu Jun 26 23:30:05 2008
Message-ID: <48641C68.1070203@FreeBSD.org>
Date: Fri, 27 Jun 2008 00:47:04 +0200
From: Remko Lodder
To: pf@freebsd.org
Cc: julian@elischer.org
Subject: [Fwd: need help from pf developer(s)]

FYI

-------- Original Message --------
Subject: need help from pf developer(s)
Date: Thu, 26 Jun 2008 12:44:48 -0700
From: Julian Elischer
To: FreeBSD Net

If you are one of the people that know and love pf, I'd like to speak to you on one side about testing pf with vimage.. (and making it work as I'm sure it doesn't).

--
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News