Date: Fri, 25 Jan 2008 14:39:28 -0800
From: Jeremy Chadwick
To: Gavin Spomer
Cc: freebsd-pf@freebsd.org
Subject: Re: How does /dev/pf get created?
Message-ID: <20080125223928.GA49313@eos.sc1.parodius.com>

On Fri, Jan 25, 2008 at 02:18:40PM -0800, Gavin Spomer wrote:
> >>> Gary Palmer 01/25/08 1:47 PM >>>
> ENOENT ("No such file or directory") can also mean that a symbol that the
> module requires cannot be found in the kernel. This can be many things,
> including a missing prerequisite module or that the module was built with
> a different set of options to the currently running kernel.
> Check dmesg to see if there is a related error message from the kernel.
> Geez, I'm so embarrassed. This is the first time I've ever run
> dmesg. Lots of stuff in there; anything in particular I'm looking
> for?
>
> {snip}
>
> Limiting closed port RST response from 1077 to 200 packets/sec

Are you using this box for torrents or are you being DoS'd in any way?
This is an awful large sum of TCP RST packets to receive; if it's
normal, you can tune this with a sysctl, I believe. You should also
consider looking at the blackhole(4) manpage, as those may help you as
well. However, those aren't needed if you manage to get pf up and
working and set up a good firewall list. :-)

> bce0: promiscuous mode enabled
> bce0: promiscuous mode disabled

Probably caused by packet sniffer use (tcpdump, snoop, Wireshark, etc.).

> pid 34320 (conftest), uid 0: exited on signal 12 (core dumped)

conftest coredumps are "normal" -- they even happen on Linux. Some
software you installed did this. Usually it happens in software that
uses GNU autoconf to do some compiler tests. I'd really love to find
out why they happen and strangle whoever introduced it, though.

> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined

And, very likely, here is the cause of your pf problem. :-)

Please go back to what I said about your kernel configuration -- you're
missing a lot of "option" arguments for ALTQ support. Add all of the
ones I gave you, follow the instructions for buildkernel/installkernel,
and it should all begin working.

-- 
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |