Message-ID: <5508DC3A.4070603@gmail.com>
Date: Tue, 17 Mar 2015 22:00:26 -0400
From: John Jasen
To: FreeBSD Net
Subject: bug in tftp-proxy, unable to write rdr rules
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198674

In FreeBSD 10.1-RELEASE-p6, a rule similar to the below will result in no
tftp connection, and entries in /var/log/messages such as:

"Mar 17 23:38:28 vm-fbd-fw-02 tftp-proxy[28376]: pf connection lookup
failed (no rdr?)"

rdr pass log on em0 proto udp from 10.0.0.0/24 to 10.0.0.5 port 69 \
    -> 127.0.0.1 port 6969

The error comes from:

/usr/src/contrib/pf/tftp-proxy.c:
"
    /* find the un-rdr'd server and port the client wanted */
    if (server_lookup((struct sockaddr *)&from,
        (struct sockaddr *)&proxy, (struct sockaddr *)&server,
        IPPROTO_UDP) != 0) {
            syslog(LOG_ERR, "pf connection lookup failed (no rdr?)");
            exit(1);
    }
"

This did not happen in FreeBSD 10.0.