Date: Thu, 1 Jul 2004 14:43:17 +0000 (GMT)
Reply-To: fz@frontier.fr
Subject: ipf over bridge strange problem.
Message-Id: <20040701144317.36CC843D1D@mx1.FreeBSD.org>
List-Id: Networking and TCP/IP with FreeBSD

Hi,

For technical (and especially customer) reasons, I set up a firewalling solution based on FreeBSD 4.x (kernel compiled with BRIDGE option) and ipf. No more particular stuff. You'll find other configuration details at the end of this post (dmesg and more).

Now, the problem. Randomly, ipf starts to reject incoming connections that should be OK (as written in the rules file). If I reload ipf, things become nice again.

I really get lost with this... Any help would be appreciated.

The interfaces are Intel cards using fxp or em drivers.

/var/run/dmesg.boot:

Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.9-STABLE #0: Tue Dec 16 11:22:07 GMT 2003
noc@fhost.frontier.fr:/usr/src/sys/compile/GETSEC
Timecounter "i8254" frequency 1193182 Hz
CPU: AMD Duron(tm) processor (1300.06-MHz 686-class CPU)
Origin = "AuthenticAMD" Id = 0x671 Stepping = 1
Features=0x383f9ff
AMD Features=0xc0400000
real memory = 259981312 (253888K bytes)
avail memory = 247152640 (241360K bytes)
Preloaded elf kernel "kernel" at 0xc05a9000.
Pentium Pro MTRR support enabled
md0: Malloc disk
Using $PIR table, 6 entries at 0xc00fdc10
npx0: on motherboard
npx0: INT 16 interface
pcib0: on motherboard
pci0: on pcib0
agp0: mem 0xd0000000-0xd3ffffff at device 0.0 on pci0
pcib1: at device 1.0 on pci0
pci1: on pcib1
pci1: at 0.0 irq 12
isab0: at device 7.0 on pci0
isa0: on isab0
atapci0: port 0xc000-0xc00f at device 7.1 on pci0
atapci0: Correcting VIA config for southbridge data corruption bug
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: port 0xc400-0xc41f irq 11 at device 7.2 on pci0
usb0: on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: port 0xc800-0xc81f irq 11 at device 7.3 on pci0
usb1: on uhci1
usb1: USB revision 1.0
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
pci0: (vendor=0x1106, dev=0x3057) at 7.4
hip0: port 0xd400-0xd403,0xd000-0xd003,0xcc00-0xccff irq 5 at device 7.5 on pci0
fxp0: port 0xdc00-0xdc1f mem 0xd8000000-0xd80fffff,0xd8201000-0xd8201fff irq 12 at device 8.0 on pci0
fxp0: Ethernet address 00:08:c7:ba:c7:4e
inphy0: on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: port 0xe000-0xe01f mem 0xd8100000-0xd81fffff,0xd8200000-0xd8200fff irq 10 at device 9.0 on pci0
fxp1: Ethernet address 00:60:b0:57:28:56
inphy1: on miibus1
inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc0: port 0xe400-0xe4ff mem 0xd8202000-0xd82023ff irq 11 at device 15.0 on pci0
dc0: Ethernet address: 00:10:dc:a4:77:e6
miibus2: on dc0
ukphy0: on miibus2
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
orm0: