From: dawnshade
To: freebsd-stable@freebsd.org, anton@nikiforov.ru
Date: Wed, 26 Oct 2005 13:06:29 +0400
Subject: Re: pf and short packets
Message-Id: <200510261306.29888.dawnshade@mail.ru>
In-Reply-To: <435F4135.9000405@nikiforov.ru>

On Wednesday 26 October 2005 12:41, Anton Nikiforov wrote:
> dawnshade wrote:
> > On Wednesday 26 October 2005 12:08, Anton Nikiforov wrote:
> >> On Tuesday 25 October 2005 23:21, Anton Nikiforov wrote:
> >>>>tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1
> >>>>000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
> >>>>    0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001  F..,f.@.........
> >>>>    0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
> >>>>    0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
> >>>>000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
> >>>>    0x0000:  4600 002c d21d 4000 0306 a5ac 7f00 0001  F..,..@.........
> >>>>    0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
> >>>>    0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
> >>>>
> >>>>The rule for this packet is not a "log" one, but the sign (short) is
> >>>>what I cannot understand.
> >>>
> >>>Read 'man 1 tcpdump' about key "-s".
> >>>Your command must be like "tcpdump -s 1000 -n -e -ttt -x -i pflog0 host
> >>>127.0.0.1"
> >>>
> >>>Change value 1000 to appropriate.
> >>
> >>Hi, and thanks for the reply,
> >>but my question is not about how to use tcpdump (I know the -s key), but
> >>what to do with pf to make these packets pass through.
> >>When my pf is up I cannot rsh to ipcad, but when it is down - everything
> >>is working just fine.
> >>I need this rsh to get my IP statistics.
> >
> > Sorry, I misunderstood you.
> > Can you provide the output of 'pfctl -sr -g' (at least the sensitive rules before
> > number 34)?
>
> Hello and thanks again for the reply.
> Here is the output of pfctl -sr -g.
> @0 scrub in all fragment reassemble
>   [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
>   [ queue: qname= qid=0 pqname= pqid=0 ]
> @1 scrub out all random-id fragment reassemble
>   [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
>   [ queue: qname= qid=0 pqname= pqid=0 ]
> @0 pass quick on lo0 all
>   [ Skip steps: p=4 sp=802 da=2 dp=17 ]
>   [ queue: qname= qid=0 pqname= pqid=0 ]
> I was "playing" with this rule and used to install it in different ways
> and places. I have no idea what to do with this.
> I was turning off scrubbing, everything below. With no result.
>
> All the rest is not about lo0, but here they are (34 out of 9849):
>
> @1 block drop in quick inet from 192.168.11.1 to any
> @2 block drop in log quick on fxp0 inet from any to 224.0.0.0/3
> @3 block drop out log quick on fxp0 inet from 224.0.0.0/3 to any
> @4 block drop in log quick on fxp0 inet proto tcp all flags FPU/FPU
> @5 block drop in log quick on fxp0 inet proto tcp all flags FS/FSRA
> @6 block drop in log quick on fxp0 inet proto tcp all flags /FSRA
> @7 block drop in log on fxp0 proto tcp all
> @8 block drop in log on fxp0 proto udp all
> @9 block drop out log on fxp0 proto tcp all
> @10 block drop out log on fxp0 proto udp all
> @11 block drop in log on fxp0 proto icmp all
> @12 block drop out log on fxp0 proto icmp all
> @13 block return-rst in log on fxp0 proto tcp all
> @14 block return-rst out log on fxp0 proto tcp all
> @15 block return-icmp(port-unr, port-unr) in log on fxp0 proto udp all
> @16 block return-icmp(port-unr, port-unr) out log on fxp0 proto udp all
> @17 block drop in log on fxp0 proto tcp from any to any port = pop3
> @18 block drop in log on fxp0 proto tcp from any to any port = loc-srv
> @19 block drop in log on fxp0 proto tcp from any to any port = profile
> @20 block drop in log on fxp0 proto tcp from any to any port = netbios-ns
> @21 block drop in log on fxp0 proto tcp from any to any port = netbios-dgm
> @22 block drop in log on fxp0 proto tcp from any to any port = netbios-ssn
> @23 block drop in log on fxp0 proto tcp from any to any port = microsoft-ds
> @24 block drop in log on fxp0 proto udp from any to any port = pop3
> @25 block drop in log on fxp0 proto udp from any to any port = loc-srv
> @26 block drop in log on fxp0 proto udp from any to any port = profile
> @27 block drop in log on fxp0 proto udp from any to any port = netbios-ns
> @28 block drop in log on fxp0 proto udp from any to any port = netbios-dgm
> @29 block drop in log on fxp0 proto udp from any to any port = netbios-ssn
> @30 block drop in log on fxp0 proto udp from any to any port = microsoft-ds
> @31 block drop out log on fxp0 proto tcp from any to any port = pop3
> @32 block drop out log on fxp0 proto tcp from any to any port = loc-srv
> @33 block drop out log on fxp0 proto tcp from any to any port = profile
> @34 block drop out log on fxp0 proto tcp from any to any port = netbios-ns
>
> Just in case:
> # pfctl -sr -g | grep lo0
> @0 pass quick on lo0 all

Maybe this link will help you:
http://groups.google.com/group/fido7.ru.unix.bsd/msg/187bf3d7de6e3eab?dmode=source
Sorry to other subscribers - it is in Russian.

Short fix for the problem:
replace 'pass quick all lo0' with 'pass quick all allow-opts lo0'
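
An added example, not part of the original message: decoding the first packet of the quoted dump shows why `allow-opts` is the relevant keyword, because the first byte 0x46 gives an IPv4 header length of 6 words (24 bytes), so the packet carries four bytes of IP options. The hex words are copied from the dump above; the function names are this example's own.

```python
import struct

# Hex words of the first packet in the quoted `tcpdump -x` output (44 bytes).
DUMP = """
0x0000: 4600 002c 6605 4000 0306 11c5 7f00 0001
0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab
0x0020: 5db7 f2f2 5010 ffff 7dce 0000
"""
SINGLE_BYTE_OPTS = {0: "EOL", 1: "NOP"}  # option types without a length byte

def dump_to_bytes(dump):
    """Join the hex columns of `tcpdump -x` lines, dropping the offsets."""
    words = []
    for line in dump.strip().splitlines():
        words.extend(line.split(":", 1)[1].split())
    return bytes.fromhex("".join(words))

def ip_checksum_ok(header):
    """The one's-complement sum over a valid header folds to 0xffff."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_ipv4(pkt):
    """Decode the IPv4 header and list any IP options it carries."""
    version, ihl = pkt[0] >> 4, pkt[0] & 0x0F
    hlen = ihl * 4
    if version != 4 or ihl < 5 or len(pkt) < hlen:
        raise ValueError("not a complete IPv4 header")
    options, i = [], 20
    while i < hlen:
        opt = pkt[i]
        if opt in SINGLE_BYTE_OPTS:
            options.append(SINGLE_BYTE_OPTS[opt])
            i = hlen if opt == 0 else i + 1  # EOL ends the list, rest is padding
        else:
            if i + 1 >= hlen or pkt[i + 1] < 2:
                raise ValueError("malformed option")
            options.append("type %d" % opt)
            i += pkt[i + 1]
    # The ports are read from the transport header (protocol 6, TCP, in this dump).
    sport, dport = struct.unpack("!HH", pkt[hlen:hlen + 4])
    return {"ihl": ihl, "header_len": hlen, "proto": pkt[9],
            "total_len": struct.unpack("!H", pkt[2:4])[0], "options": options,
            "checksum_ok": ip_checksum_ok(pkt[:hlen]),
            "sport": sport, "dport": dport, "has_ip_options": ihl > 5}

if __name__ == "__main__":
    print(parse_ipv4(dump_to_bytes(DUMP)))
```

By default pf blocks IPv4 packets that carry IP options unless the last matching pass rule has `allow-opts`. In pf.conf syntax, the loopback rule from the quoted ruleset with that keyword added reads `pass quick on lo0 all allow-opts`.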