Date: Sat, 27 Nov 2004 13:01:49 +0100
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject: Re: rsh is malfunctioning due to pf
Message-ID: <20041127120149.GE23786@insomnia.benzedrine.cx>
In-Reply-To: <20041126203354.GB81834@astral-on.net>
References: <20041126203354.GB81834@astral-on.net>

On Fri, Nov 26, 2004 at 10:33:54PM +0200, Andrew Degtiariov wrote:

> I have ipcad installed on 2 PC's running 5.3-RELEASE and 5-STABLE from
> Nov 21. ipcad (ports/net-mgmt/ipcad) provides ability to control them
> by rsh (ipcad implement rsh server by yourself). While using pf with
> primitive rulesets rsh stops its working. It seems like pf drop short
> packets.

The 'short' reason is a little overloaded, it can have two meanings.
The less likely case is where the mbuf didn't contain a complete IP
header. More likely, the packet contains IP options, which pf blocks
by default.

You can isolate the problem by

  a) enabling debug logging with pfctl -xm and watching the console
     or /var/log/messages for messages from 'pf: '
  b) dumping an entire packet that is being blocked, with
     tcpdump -s 1600 -nvvvetttSXi pflog0
  c) adding 'allow-opts' to all your pass rules and see if the problem
     goes away

Daniel
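
Added example, not part of the original message and not pf's own code: a small Python check that takes the raw bytes of a captured packet (starting at the IP header, as recovered from the hex dump in step b) and tells the two cases described above apart, an incomplete IP header versus IP options present. The function names, verdict strings and sample packets are constructed for illustration; the addresses are documentation ranges.

```python
import struct

# A few IPv4 option type numbers (RFC 791, RFC 2113) for readable output.
OPTION_NAMES = {0: "EOL", 1: "NOP", 7: "RR", 68: "TS",
                131: "LSRR", 137: "SSRR", 148: "RTRALT"}

def parse_options(opts: bytes) -> list:
    """Walk the option bytes between the fixed header and the payload."""
    names, i = [], 0
    while i < len(opts):
        kind = opts[i]
        names.append(OPTION_NAMES.get(kind, f"type-{kind}"))
        if kind == 0:            # End of Option List: the rest is padding
            break
        if kind == 1:            # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            names.append("malformed")
            break
        i += opts[i + 1]         # other options carry their own length byte
    return names

def classify_ipv4(packet: bytes):
    """Return (verdict, options) for bytes that start at the IP header."""
    if len(packet) < 20:
        return ("incomplete-header", [])
    if packet[0] >> 4 != 4:
        return ("not-ipv4", [])
    hlen = (packet[0] & 0x0F) * 4          # IHL counts 32-bit words
    if hlen < 20 or len(packet) < hlen:
        return ("incomplete-header", [])
    if hlen == 20:
        return ("no-options", [])
    return ("ip-options", parse_options(packet[20:hlen]))

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample: IPv4 header with no payload, checksum left at 0."""
    options += b"\x00" * (-len(options) % 4)       # pad to a 32-bit boundary
    hlen = 20 + len(options)
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | hlen // 4, 0, hlen, 1, 0,
                        64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return fixed + options

if __name__ == "__main__":
    for pkt in (build_header(), build_header(bytes([148, 4, 0, 0])), build_header()[:12]):
        print(classify_ipv4(pkt))
```

A verdict of "ip-options" points at the case that step c) addresses with 'allow-opts'; "incomplete-header" points at the less likely case.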