Date:      Fri, 9 Jun 2006 17:21:00 +0200
From:      Ludovit Koren <lk@tempest.sk>
To:        freebsd-questions@freebsd.org
Subject:   FreeBSD 6.1-RELEASE + PF
Message-ID:  <20060609.172100.71081351.lk@tempest.sk>



Hi,

I have a problem setting up PIM and IGMP communication with pf on FreeBSD
6.1-RELEASE.

# pfctl -s state
self igmp 195.28.109.40 -> 224.0.0.2       SINGLE:NO_TRAFFIC
self igmp 195.28.109.40 -> 224.0.0.13       SINGLE:NO_TRAFFIC
self igmp 224.0.0.1 <- 195.28.109.25       NO_TRAFFIC:SINGLE
self igmp 224.0.0.2 <- 195.28.109.40       NO_TRAFFIC:SINGLE
self igmp 224.0.0.13 <- 195.28.109.40       NO_TRAFFIC:SINGLE
self tcp 195.28.109.40:22 -> 195.28.109.37:58349       ESTABLISHED:ESTABLISHED
self udp 255.255.255.255:8225 <- 195.28.109.29:1025       NO_TRAFFIC:SINGLE
self pim 195.28.109.40 -> 224.0.0.13       SINGLE:NO_TRAFFIC
self pim 224.0.0.13 <- 195.28.109.25       NO_TRAFFIC:SINGLE
self pim 224.0.0.13 <- 195.28.109.40       NO_TRAFFIC:SINGLE
self pfsync 195.28.109.40 -> 0.0.0.0       SINGLE:NO_TRAFFIC


xorp immediately starts to give the following message:
[ 2006/06/09 17:13:24 WARNING xorp_fea XrlMfeaTarget ] Handling method for mfea/0.1/send_protocol_message4 failed: XrlCmdError 102 Command failed Cannot send PIMSM_4 protocol message from 195.28.109.40 to 224.0.0.13 on vif em0: sendmsg(proto 103 size 34 from 195.28.109.40 to 224.0.0.13 on vif em0) failed: Operation not permitted
[ 2006/06/09 17:13:24  ERROR xorp_pimsm4:18051 PIM +2623 xrl_pim_node.cc mfea_client_send_protocol_message_cb ] Cannot send a protocol message: 102 Command failed Cannot send PIMSM_4 protocol message from 195.28.109.40 to 224.0.0.13 on vif em0: sendmsg(proto 103 size 34 from 195.28.109.40 to 224.0.0.13 on vif em0) failed: Operation not permitted

# pfctl -s rules
scrub in all fragment reassemble
block drop in log all
pass in on xl0 inet from <quadia> to 195.28.126.13 keep state
pass out on xl0 inet from 195.28.126.13 to <quadia> keep state queue dflt
pass out on xl0 inet from 195.28.126.13 to any keep state queue dflt
pass out on em0 inet all keep state queue dfltem
pass out on em1 inet all keep state queue dfltem1
pass in proto tcp from any to any port = ssh keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port = 5060 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 port = 8000 to 195.28.109.40 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 port = 8001 to 195.28.109.40 keep state
pass in on em0 inet proto tcp from 195.28.109.36 to 195.28.109.40 port = nut keep state
pass in on em0 inet proto tcp from 195.28.109.37 to 195.28.109.40 port = http keep state
pass in on em0 inet proto tcp from 195.28.109.37 to 195.28.109.40 port = 4445 keep state
pass in on em0 inet proto tcp from 195.28.109.88 to 195.28.109.40 port = http keep state
pass in on em0 inet proto tcp from 195.28.109.88 to 195.28.109.40 port = 4445 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port 9999:20001 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port = domain keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port = 4520 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port = 4569 keep state
pass in on em0 all keep state
pass in on em1 all keep state

When I disable the firewall, xorp runs as expected. It does not matter
whether I add a specific rule for PIM and IGMP or a general one, i.e. let all
traffic go through.

Is it a bug in the pf or am I doing something wrong? Any help appreciated.

Regards,

lk
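An added diagnostic helper, not part of this post nor of pf or xorp: it parses the `pfctl -s state` lines quoted above (embedded here as a constructed sample) and lists the entries to a multicast destination (224.0.0.0/4) that are one-sided, i.e. show `NO_TRAFFIC` on one side, which is the pattern the post reports for IGMP and PIM while TCP states progress normally.

```python
import ipaddress
import re

# Constructed sample: the `pfctl -s state` output quoted in the post.
SAMPLE_STATES = """\
self igmp 195.28.109.40 -> 224.0.0.2       SINGLE:NO_TRAFFIC
self igmp 195.28.109.40 -> 224.0.0.13       SINGLE:NO_TRAFFIC
self igmp 224.0.0.1 <- 195.28.109.25       NO_TRAFFIC:SINGLE
self igmp 224.0.0.2 <- 195.28.109.40       NO_TRAFFIC:SINGLE
self igmp 224.0.0.13 <- 195.28.109.40       NO_TRAFFIC:SINGLE
self tcp 195.28.109.40:22 -> 195.28.109.37:58349       ESTABLISHED:ESTABLISHED
self udp 255.255.255.255:8225 <- 195.28.109.29:1025       NO_TRAFFIC:SINGLE
self pim 195.28.109.40 -> 224.0.0.13       SINGLE:NO_TRAFFIC
self pim 224.0.0.13 <- 195.28.109.25       NO_TRAFFIC:SINGLE
self pim 224.0.0.13 <- 195.28.109.40       NO_TRAFFIC:SINGLE
self pfsync 195.28.109.40 -> 0.0.0.0       SINGLE:NO_TRAFFIC
"""

# <interface> <proto> <addr> -> or <- <addr> <state:state>
STATE_RE = re.compile(
    r"^(?P<ifn>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)\s+(?P<dir>->|<-)"
    r"\s+(?P<right>\S+)\s+(?P<state>\S+)$")


def strip_port(addr):
    """Drop a trailing :port from an IPv4 address, if present."""
    return addr.rsplit(":", 1)[0] if ":" in addr else addr


def parse_state_line(line):
    """Return proto/src/dst/state for one pfctl state line, or None."""
    m = STATE_RE.match(line.strip())
    if not m:
        return None
    # "a -> b" is an outbound state a->b; "a <- b" is inbound from b to a.
    src, dst = (m["left"], m["right"]) if m["dir"] == "->" else (m["right"], m["left"])
    return {"proto": m["proto"], "src": strip_port(src),
            "dst": strip_port(dst), "state": m["state"]}


def one_way_multicast_states(text):
    """Multicast-destination states where one side never carried traffic."""
    found = []
    for line in text.splitlines():
        st = parse_state_line(line)
        if st is None or not ipaddress.ip_address(st["dst"]).is_multicast:
            continue
        if "NO_TRAFFIC" in st["state"].split(":"):
            found.append((st["proto"], st["src"], st["dst"], st["state"]))
    return found


if __name__ == "__main__":
    for entry in one_way_multicast_states(SAMPLE_STATES):
        print("%-5s %-15s -> %-12s %s" % entry)
```

Broadcast (255.255.255.255) and the pfsync entry are not multicast and are left out, so only the IGMP and PIM states appear.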


