From: "Vadym Chepkov"
Date: Sat, 31 Mar 2007 19:37:47 -0400
Subject: Re: packet filter and amanda
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

I forgot to mention, I see those packets in log only when I comment out scrub.
If scrub in all option is on, packets just disappear :(

> Hello everybody,
>
> I finally gave up, maybe somebody can help me.
> I have a router with FreeBSD 6.2-RELEASE-p1 with custom build kernel:
>
> device pf # PF OpenBSD packet-filter firewall
> device pflog # logging support interface for PF
>
> I am using amanda to backup a client which is behind router with pf
> running
>
> amanda server - FreeBSD pf - amanda client
>
> I compiled amanda with tcp/udp port ranges but I can get that far.
> I expect this rule to allow amanda server to connect to amanda client:
>
> pass out quick on $dmz_if proto udp from $amanda_server to any port 10080 keep state
>
> Unfortunately, not all packets match this rule.
> When I added this rule below, it works fine, but it's too permissive
>
> pass out log quick on $dmz_if from $amanda_server to any
>
> These are packets that I can see in the log and I can't understand, why it
> doesn't match my rule.
>
> 18:27:38.740741 IP (tos 0x0, ttl 63, id 61548, offset 0, flags [+], proto: UDP (17), length: 1500) 192.168.17.2.859 > 192.168.16.2.10080: UDP, length 1892
> 18:27:38.740752 IP (tos 0x0, ttl 63, id 61548, offset 1480, flags [none], proto: UDP (17), length: 440) 192.168.17.2 > 192.168.160.2: udp
>
> Could you tell me, what I am doing wrong, please.
>
> Thank you,
> Vadym Chepkov