From owner-freebsd-pf@FreeBSD.ORG Wed Aug 1 15:32:27 2007
Return-Path:
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3A66516A417 for ; Wed, 1 Aug 2007 15:32:27 +0000 (UTC) (envelope-from patpro@patpro.net)
Received: from postfix1-g20.free.fr (postfix1-g20.free.fr [212.27.60.42]) by mx1.freebsd.org (Postfix) with ESMTP id CC99513C45B for ; Wed, 1 Aug 2007 15:32:26 +0000 (UTC) (envelope-from patpro@patpro.net)
Received: from smtp1-g19.free.fr (smtp1-g19.free.fr [212.27.42.27]) by postfix1-g20.free.fr (Postfix) with ESMTP id EBFFC1818B52 for ; Wed, 1 Aug 2007 17:13:40 +0200 (CEST)
Received: from smtp1-g19.free.fr (localhost.localdomain [127.0.0.1]) by smtp1-g19.free.fr (Postfix) with ESMTP id 633C51AB2DA; Wed, 1 Aug 2007 17:13:39 +0200 (CEST)
Received: from boleskine.patpro.net (boleskine.patpro.net [82.235.12.223]) by smtp1-g19.free.fr (Postfix) with ESMTP id F38761AB2E0; Wed, 1 Aug 2007 17:13:38 +0200 (CEST)
Received: from [192.168.0.2] (unknown [192.168.0.2]) by boleskine.patpro.net (Postfix) with ESMTP id 69F411CC0E; Wed, 1 Aug 2007 17:13:38 +0200 (CEST)
In-Reply-To: <001101c7d441$0f61aa10$2e24fe30$@Hennessy@nviz.net>
References: <001101c7d441$0f61aa10$2e24fe30$@Hennessy@nviz.net>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed
Message-Id: <569F9080-B78F-400B-B3C5-FCA05F04BF80@patpro.net>
Content-Transfer-Encoding: quoted-printable
From: Patrick Proniewski
Date: Wed, 1 Aug 2007 17:13:38 +0200
To: "Greg Hennessy"
X-Mailer: Apple Mail (2.752.2)
Cc: freebsd-pf@freebsd.org
Subject: Re: strange "throttling" issue with pf on xDSL connection
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter \(pf\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 01 Aug 2007 15:32:27 -0000

On 1 Aug 2007, at 15:37, Greg Hennessy wrote:

> Posting a copy of your pf.conf

here we go:

# macros
int_if = "em0"
int_if_sec = "em1"
ext_if = "fxp0"
wif_if = "ath0"
tcp_services = "{ 22, 113, 80, 443, 25, 53, 554 }"
udp_services = "{ 53 }"
admin_tcp_services = "{ 311, 625, 5900, 5988 }"
admin_udp_services = "{ 3283 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }"

table persist { --few IPs-- }
table persist { --few IPs-- }
table persist file "/etc/pf.liste_ip_spamer"
table persist file "/etc/pf.liste_ip_ssh_scan"
table persist file "/etc/pf.liste_ip_webspam"
table persist { --few IPs-- }

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $int_if_sec:network to any -> ($ext_if)

# filter rules
block log all
block in log quick proto tcp from to any port smtp
block in log quick proto tcp from to any port ssh
block in log quick proto tcp from to any port http
pass quick on lo0 all
block drop in log quick on $ext_if from $priv_nets to any
block drop out log quick on $ext_if from any to $priv_nets
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_services keep state
##### admin
pass in log on $ext_if inet proto tcp from { , } to { ($ext_if), 192.168.0.2 } port $admin_tcp_services flags S/SA keep state
pass in log on $ext_if inet proto udp from { , } to { ($ext_if), 192.168.0.2 } port $admin_udp_services keep state
##### OpenArena
pass in on $ext_if inet proto tcp from to ($ext_if) port 56789 flags S/SA keep state
pass in on $ext_if inet proto udp from to ($ext_if) port 56789 keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass in on $int_if_sec from $int_if_sec:network to any keep state
pass out on $int_if_sec from any to $int_if_sec:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

> and trawling the logs for drops around the
> same time as the transfers are underway would be useful.

Absolutely nothing interesting out of `tcpdump -n -e -ttt -i pflog0`.
Only a bunch of blocks for rule "0":

000000 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
507955 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
689510 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
41. 432770 rule 0/0(match): block in on fxp0: 82.235.85.225 > 82.235.12.223: [|tcp]
584629 rule 0/0(match): block in on fxp0: 82.235.85.225 > 82.235.12.223: [|tcp]
2. 251236 rule 0/0(match): block in on fxp0: 82.235.228.221 > 82.235.12.223: [|tcp]
506420 rule 0/0(match): block in on fxp0: 82.235.225.106 > 82.235.12.223: [|tcp]
5. 288575 rule 0/0(match): block in on fxp0: 82.235.225.106 > 82.235.12.223: [|tcp]
12. 352415 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]

I've found this in /var/log/debug.log:

../..
Aug 1 14:00:01 boleskine pflogd[410]: [priv]: msg PRIV_OPEN_LOG received
Aug 1 16:00:02 boleskine pflogd[410]: [priv]: msg PRIV_OPEN_LOG received
../..

But I believe it's not related to my problem at all.

regards,
patpro
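An added example, not part of patpro's message and not code from pf or tcpdump: a small Python parser that turns `tcpdump -n -e -ttt -i pflog0` records of the form quoted above into per-rule, per-source counts, which is what "trawling the logs for drops" amounts to once there are more than a handful of lines. The sample records are constructed to mirror the format in the mail (tcpdump 3.x prints the `-ttt` delta as either `<usec>` or `<sec>. <usec>`); the last sample line assumes a capture taken with a larger snaplen and shows what a decoded TCP record looks like. One caveat the quoted output itself illustrates: `[|tcp]` means tcpdump could not decode the TCP header because the captured bytes were truncated, so neither ports nor flags are visible, and from those lines alone you cannot tell whether the rule-0 blocks are SYNs, stray ACK/FIN packets of a state that no longer exists, or something else. Raising the snaplen (`tcpdump -s`, and `pflogd -s` for the on-disk log) is the first check before drawing conclusions from rule-0 blocks.

```python
"""Summarise pflog records as printed by `tcpdump -n -e -ttt -i pflog0`.

Added example; not part of the original mail nor of pf/tcpdump.  The line
format follows the tcpdump 3.x output quoted in the thread.  The decoded
sample line (ports and TCP flags present) is a constructed illustration of
a capture taken with a large enough snaplen.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional

# With -ttt, tcpdump 3.x prints the inter-packet delta as "<usec>" or
# "<sec>. <usec>" in front of the pflog header that -e makes visible.
LINE_RE = re.compile(
    r"^(?:(?P<sec>\d+)\. )?(?P<usec>\d{6}) "
    r"rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>[^)]*)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)$"
)


@dataclass(frozen=True)
class PflogEntry:
    delta_us: int          # microseconds since the previous record
    rule: int              # pf rule number, as listed by `pfctl -sr -vv`
    action: str            # block / pass / ...
    direction: str         # in / out
    iface: str
    src: str
    dst: str
    sport: Optional[int]   # None when the L4 header was not captured
    dport: Optional[int]
    truncated: bool        # "[|tcp]": header truncated, snaplen too small


def parse_line(line: str) -> Optional[PflogEntry]:
    """Parse one tcpdump/pflog line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec = int(m.group("sec") or 0)
    return PflogEntry(
        delta_us=sec * 1_000_000 + int(m.group("usec")),
        rule=int(m.group("rule")),
        action=m.group("action"),
        direction=m.group("dir"),
        iface=m.group("iface"),
        src=m.group("src"),
        dst=m.group("dst"),
        sport=int(m.group("sport")) if m.group("sport") else None,
        dport=int(m.group("dport")) if m.group("dport") else None,
        truncated=m.group("rest").startswith("[|"),
    )


def parse(lines: Iterable[str]) -> List[PflogEntry]:
    return [e for e in map(parse_line, lines) if e is not None]


def summarise(entries: Iterable[PflogEntry]) -> Counter:
    """Count records per (rule, action, direction, iface, src, dst)."""
    return Counter((e.rule, e.action, e.direction, e.iface, e.src, e.dst)
                   for e in entries)


def truncated_fraction(entries: List[PflogEntry]) -> float:
    """Share of records whose L4 header tcpdump could not decode."""
    if not entries:
        return 0.0
    return sum(e.truncated for e in entries) / len(entries)


# Constructed sample in the format quoted in the mail; the last line is what
# the same kind of record looks like once the snaplen covers the TCP header.
SAMPLE = """\
000000 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
507955 rule 0/0(match): block in on fxp0: 82.235.245.158 > 82.235.12.223: [|tcp]
41. 432770 rule 0/0(match): block in on fxp0: 82.235.85.225 > 82.235.12.223: [|tcp]
2. 251236 rule 0/0(match): block in on fxp0: 82.235.228.221 > 82.235.12.223: [|tcp]
000517 rule 0/0(match): block in on fxp0: 82.235.85.225.4012 > 82.235.12.223.80: F 1:1(0) ack 2 win 65535
"""

if __name__ == "__main__":
    entries = parse(SAMPLE.splitlines())
    for key, n in summarise(entries).most_common():
        rule, action, direction, iface, src, dst = key
        print(f"{n:4d}  rule {rule} {action} {direction} on {iface}: {src} > {dst}")
    frac = truncated_fraction(entries)
    if frac:
        print(f"{frac:.0%} of records are truncated ([|tcp]); raise the snaplen "
              "(tcpdump -s, pflogd -s) to see ports and TCP flags")
```

Feed it real output with `tcpdump -n -e -ttt -i pflog0 | python3 pflog_summary.py` after replacing `SAMPLE` with `sys.stdin`; the rule numbers in the keys line up with `pfctl -sr -vv`, so rule 0 here is the leading `block log all`.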