From owner-freebsd-questions@FreeBSD.ORG Fri Jun 17 22:44:01 2005
Date: Sat, 18 Jun 2005 07:43:47 +0900
From: horio shoichi
To: freebsd-questions@freebsd.org
Subject: Re: Vexing IPF problem
In-Reply-To: <20050617151245.75132.qmail@web33103.mail.mud.yahoo.com>
References: <20050617151245.75132.qmail@web33103.mail.mud.yahoo.com>
Message-Id: <20050617.224350.942a642fdeb4ea08.10.0.3.20@bugsgrief.net>
X-Mailer: Sylpheed-Claws 1.9.11 (GTK+ 2.6.8; i386-portbld-freebsd4.9)

On Fri, 17 Jun 2005 08:12:45 -0700 (PDT)
DH wrote:

> I'm having a problem with IPF blocking packets that it appears should be let through.
>
> I've spent quite a bit of time going through the Handbook, man pages, etc. & I must be missing something, so any help is greatly appreciated.
>
> uname -a
> freebsd 4.11-release #0
>
> SMP kernel, dual PIII processor, 512 MB ECC RAM, SCSI HDs
>
> Excerpt from rule set:
>
> Kernel compiled with "default allow" until I finish getting the ruleset rewritten.
>
> Rule #1 block in log from any to any
>
> pass in quick on lo0
> pass out quick on lo0
>
> block in log quick on fxp0 from any to any with ipopts
> block in log quick proto tcp from any to any with short
> ...
> pass in log first proto tcp from any to any port = 80 flags S keep state
> pass in log first proto tcp from any port = 80 to any flags S keep state
> pass out log first proto tcp from any to any port = 80 flags S keep state
>
>
> netstat -m = 129/576/16384
> 9% of mb_map in use
>
> Proxy Server - Squid 2.5.stable10
>
>
> The behavior I'm seeing is outgoing connections to websites on port 80 are being passed
> but the inbound traffic is being blocked. The ipflog entries look like this:
>
>
> my ip = s theirs = d
>
> @0:390 p s.s.s.s,3601 -> d.d.d.d,80 PR tcp len 20 60 -S K-S OUT
>
> @0:1 b d.d.d.d,80 -> s.s.s.s,3601 PR tcp len 20 43 -AR IN
>
>
>
> Thanks in advance to those giving their time to lend a hand; I know your time is valuable.
>
> Please CC my address in your reply.
>
> David Hutchens III
> Network Technician
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

Any reason you avoid 'quick' keywords in rules around 390? Also, from my vague memory, 'first' should not be necessary with 'quick'.

horio shoichi
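The two ipmon-style log lines quoted in the question are the whole evidence in this thread: an outbound SYN passed by rule @0:390 (with a state entry, K-S) and the server's reply blocked by rule @0:1, the catch-all block at the top of the ruleset. The script below is an added example, not code from the original post or from IPFilter, that parses lines of that shape, groups them by 4-tuple, and reports every flow where an outbound packet was passed but a packet in the return direction was blocked, together with the rule that passed it, the rule that blocked it, and the TCP flags on the dropped packet. It assumes the abbreviated line layout quoted above; an optional leading date/time/interface prefix, as ipmon(8) normally prints, is tolerated. The addresses in the embedded sample are constructed placeholders.

```python
"""Correlate ipmon-style log lines to find flows whose reply was blocked.

Added example for this thread (not the poster's or IPFilter's code).
Assumed line shape, as quoted in the question:
    @group:rule action src,sport -> dst,dport PR proto len hlen plen [-FLAGS] [K-S] IN|OUT
"""
import re
from collections import defaultdict

# Constructed sample modelled on the two lines in the post. Flow 3601 is the
# reported symptom; flow 3602 shows an outbound SYN whose reply was handled
# silently by state (log first logs only the first packet); the last line is
# an unrelated inbound SYN that should not be reported.
SAMPLE_LOG = """\
@0:390 p 192.0.2.10,3601 -> 198.51.100.80,80 PR tcp len 20 60 -S K-S OUT
@0:1 b 198.51.100.80,80 -> 192.0.2.10,3601 PR tcp len 20 43 -AR IN
@0:390 p 192.0.2.10,3602 -> 198.51.100.81,80 PR tcp len 20 60 -S K-S OUT
@0:1 b 203.0.113.7,4444 -> 192.0.2.10,22 PR tcp len 20 60 -S IN
"""

LINE_RE = re.compile(
    r"@(?P<group>\d+):(?P<rule>\d+)\s+"      # rule that matched, e.g. @0:390
    r"(?P<action>\S+)\s+"                    # p = pass, b = block
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\w+)\s+len\s+\d+\s+\d+"
    r"(?:\s+-(?P<flags>[A-Z]+))?"            # TCP flags as ipmon prints them: -S, -AR, ...
    r"(?:\s+K-[SF])*"                        # keep-state / keep-frags markers
    r"\s+(?P<dir>IN|OUT)\b"
)

ACTIONS = {"p": "pass", "b": "block"}


def parse_line(line):
    """Return a dict for one log line, or None if it is not an ipmon packet line.
    re.search lets a date/time/interface prefix precede the @group:rule token."""
    m = LINE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "rule": f"@{d['group']}:{d['rule']}",
        "action": ACTIONS.get(d["action"], d["action"]),
        "src": (d["src"], int(d["sport"])),
        "dst": (d["dst"], int(d["dport"])),
        "proto": d["proto"],
        "flags": d["flags"] or "",
        "dir": d["dir"],
    }


def flow_key(ev):
    """Direction-independent key so a request and its reply land in one bucket."""
    return (ev["proto"], tuple(sorted((ev["src"], ev["dst"]))))


def find_blocked_replies(log_text):
    """Flows with at least one passed OUT packet and one blocked IN packet."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            flows[flow_key(ev)].append(ev)
    findings = []
    for events in flows.values():
        out_pass = [e for e in events if e["dir"] == "OUT" and e["action"] == "pass"]
        in_block = [e for e in events if e["dir"] == "IN" and e["action"] == "block"]
        if not (out_pass and in_block):
            continue
        for b in in_block:
            findings.append({
                "client": out_pass[0]["src"],
                "server": out_pass[0]["dst"],
                "passed_by": out_pass[0]["rule"],
                "blocked_by": b["rule"],
                "blocked_flags": b["flags"],
            })
    return findings


if __name__ == "__main__":
    for f in find_blocked_replies(SAMPLE_LOG):
        print(f"{f['client']} -> {f['server']}: out passed by {f['passed_by']}, "
              f"reply (flags {f['blocked_flags'] or '-'}) blocked by {f['blocked_by']}")
```

Point it at real ipmon output on the box and the report tells you two things per flow before you touch the ruleset: which rule number dropped the reply (here @0:1, the catch-all block, meaning neither a state entry nor a later pass rule claimed the packet), and what the reply actually was (the dropped packet in the post carries A and R, a RST/ACK, not a SYN/ACK). Filtering on the flags column separates "state did not match the handshake" from "the peer refused the connection" in the same pass.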