From owner-freebsd-questions@freebsd.org Mon Oct 5 21:42:33 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DC5229B9800 for ; Mon, 5 Oct 2015 21:42:32 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com [IPv6:2a00:1450:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 78591B28 for ; Mon, 5 Oct 2015 21:42:32 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: by wicfx3 with SMTP id fx3so139612022wic.1 for ; Mon, 05 Oct 2015 14:42:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=g1+vccmMJOX2SnN+WjiTC9CfXJtiFcl9tt3I4BzGpCc=; b=jeWId78WWoZlEHON3FlGdi6Ejq+5ZegiKIl+C12DU0cwHM0K/J1oswHLS/mW63kzbO tW+mM7px18UU9esiiX2GHci9bE59fT+tyVHkLSGSBM4Gcu4ZJDwsXsJV1y008pEn5gQY 7EJxJM5FYvN8vWb13sMwiWqpp0bqODJI1EnKVBGvcHAuUB2PA35OV2setvZtVdWBdX0x dyH1pEJMgDn9B1qDGL9nMtrWa0GOdYq+3/6i4E+TS4iwr66ilht5zpLhiiJ32TqLgevT WILVLMbc3Yha9aGoH3zTSyK3pNnJFqp74MvTEvQV3Ef9O+k0ukphXCCcOfsijuuubTC6 cGjw== MIME-Version: 1.0 X-Received: by 10.194.103.130 with SMTP id fw2mr37205226wjb.121.1444081350828; Mon, 05 Oct 2015 14:42:30 -0700 (PDT) Received: by 10.194.16.231 with HTTP; Mon, 5 Oct 2015 14:42:30 -0700 (PDT) In-Reply-To: <5612E791.4040708@kulturflatrate.net> References: <5612E791.4040708@kulturflatrate.net> Date: Mon, 5 Oct 2015 16:42:30 -0500 Message-ID: Subject: Re: PF stops tmux from working?! From: Adam Vande More To: Niklaas Baudet von Gersdorff Cc: FreeBSD Questions Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Oct 2015 21:42:33 -0000 On Mon, Oct 5, 2015 at 4:11 PM, Niklaas Baudet von Gersdorff < niklaas@kulturflatrate.net> wrote: > I have a host with several jails on it. The jails have a public IPv6 > assigned to the external interface. Using PF as firewall, I was used to > block all incoming traffic and I initially set > > > pass out on $ext_if proto { tcp udp } all > > Recently, I changed the settings to also restrict outgoing traffic. E.g. > there are some jails that are only allowed to send traffic within my > IPv6 network. > > Since I restricted the access, in some jails, I cannot use tmux anymore > which I don't understand because I wouldn't have thought of a relation > between a terminal multiplexer and a firewall. > > > tmux -vvvvvvvv > > created some logfiles that I attached but they don't look promising. > (The respective tmux-client-19034.log is empty.) > > I have read that it's possible to do some debugging with > > > truss tmux > > which, in fact, turned out some results that might relate the > dysfunction of tmux to the changes of the firewall. The full file is > attached, the lines that I assume relevant follow: > > > connect(5,{ AF_UNIX "/tmp/tmux-1001/default" },24) ERR#61 'Connection > refused' > > stat("/usr/share/nls/C/libc.cat",0x7fffffffdcd8) ERR#2 'No such file or > directory' > > stat("/usr/share/nls/libc/C",0x7fffffffdcd8) ERR#2 'No such file or > directory' > > stat("/usr/local/share/nls/C/libc.cat",0x7fffffffdcd8) ERR#2 'No such > file or directory' > > stat("/usr/local/share/nls/libc/C",0x7fffffffdcd8) ERR#2 'No such file > or directory' > [...] > > socket(PF_INET,SOCK_DGRAM,0) ERR#43 'Protocol not > supported' > > poll({4/POLLIN},1,0) = 0 (0x0) > > fcntl(0,F_GETFL,) = 6 (0x6) > > fcntl(0,F_SETFL,0x2) = 0 (0x0) > > process exit, rval = 1 > > I have no clue what the above line mean but what made me suspicious is line > > > socket(PF_INET,SOCK_DGRAM,0) ERR#43 'Protocol not > supported' > > because I relate "/PF/_INET" to the /pf/ firewall. Searching for > PF_INET != PF. Your issue isn't related to a firewall at all but rather your previous question. tmux is attempting to open an IPv4 socket and in your environment it isn't supported. -- Adam