From owner-freebsd-stable@FreeBSD.ORG Tue Jun 14 04:03:17 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE5FB16A41C for ; Tue, 14 Jun 2005 04:03:17 +0000 (GMT) (envelope-from louie@transsys.com) Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3667043D55 for ; Tue, 14 Jun 2005 04:03:16 +0000 (GMT) (envelope-from louie@transsys.com) Received: from [144.202.42.88] (localhost [127.0.0.1]) by whizzo.transsys.com (Postfix) with ESMTP id CD53F20F6A; Tue, 14 Jun 2005 00:03:15 -0400 (EDT) Message-ID: <42AE5703.4020805@transsys.com> Date: Tue, 14 Jun 2005 00:03:15 -0400 From: Louis Mamakos User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Vladimir Botka References: <42ACA2F4.80105@hopkins-family.org> <20050613084033.R23434@localhost> In-Reply-To: <20050613084033.R23434@localhost> X-Enigmail-Version: 0.89.5.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Damon Hopkins , freebsd-stable@freebsd.org Subject: Re: ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jun 2005 04:03:17 -0000 The Vonage RT31P2 does not talk H.323, and it's not necessary to do anything other than plain vanilla NAT to have it work through a firewall. That is, no port forwarding, no SIP payload re-writing, etc. Just plain vanilla NAT for both the SIP signaling and the RTP payload will be all that's necessary. I use ipfw with my Vonage service, but there's nothing special that I do for NAT. I don't do ipf.. Louis Mamakos Vladimir Botka wrote: > Hello, > if your "Vonage linksys RT31P2" talks H323 try /usr/ports/net/gatekeeper > in proxy mode. > > Cheers, > Vladimir Botka > > On Sun, 12 Jun 2005, Damon Hopkins wrote: > >> I can reproduce this very easily.. I pick up my phone and make a call >> Current Setup >> -------- >> \------ >> >> I've tried various nap rules and ipf filter settings.. here are the >> current mappings and setup.. the kernel is GENERIC w/ the debuggong >> stuff put in it. >> ---------------- IPNAT RULES -------------------- >> map vr0 10.69.0.0/24 -> 0/32 proxy port ftp ftp/tcp >> map vr0 10.69.0.0/24 -> 0/32 >> >> ----------------- IPF RULES --------------------- >> pass in quick on lo0 proto tcp from any to any flags S keep state >> pass in quick on lo0 proto udp from any to any keep state >> pass in quick on lo0 proto icmp from any to any keep state >> pass in quick on lo0 all keep state >> pass out quick on lo0 proto tcp from any to any flags S keep state >> pass out quick on lo0 proto udp from any to any keep state >> pass out quick on lo0 proto icmp from any to any keep state >> pass out quick on lo0 all keep state >> >> pass in quick on rl0 proto tcp from any to any flags S keep state >> pass in log first quick on rl0 proto udp from any to any keep state >> pass in log first quick on rl0 proto icmp from any to any keep state >> keep frags >> pass in quick on rl0 all keep state >> pass out quick on rl0 proto tcp from any to any flags S keep state >> pass out log first quick on rl0 proto udp from any to any keep state >> pass out log first quick on rl0 proto icmp from any to any keep state >> keep frags >> pass out quick on rl0 all keep state >> >> pass in quick on vr0 proto tcp from any to any flags S keep state keep >> frags >> pass in quick on vr0 proto udp from any to any keep state keep frags >> pass in log first quick on vr0 proto icmp from any to any keep state >> keep frags >> pass in quick on vr0 all keep state keep frags >> pass out quick on vr0 proto tcp from any to any flags S keep state keep >> frags >> pass out quick on vr0 proto udp from any to any keep state keep frags >> pass out log first quick on vr0 proto icmp from any to any keep state >> keep frags >> pass out quick on vr0 all keep state keep frags >> >> pass in quick on ng0 proto tcp from any to any flags S keep state >> pass in quick on ng0 proto udp from any to any keep state >> pass in log first quick on ng0 proto icmp from any to any keep state >> pass in quick on ng0 all keep state >> pass out quick on ng0 proto tcp from any to any flags S keep state >> pass out quick on ng0 proto udp from any to any keep state >> pass out log first quick on ng0 proto icmp from any to any keep state >> pass out quick on ng0 all keep state >> >> MORE ng rules form my other VPNS >> I've also just tried to pass everything >> pass in quick on vr0 all >> pass out quick on vr0 all >> >> but that didn't help any >> >> I've notices a lot of UDP traffic from the linksys adapter durring a >> phone call.. >> >> Thanks Guys.. I hope this gets fixes real fast cause my old number >> goes away in a few days and this is not going to be fun.. I can't put >> the linksys adapter in front of the firewall because it doesn't route >> my VPN's.. we use MPD and bgpd (zebra) >> >> >> Later, >> Damon Hopkins >> >> ------------- DEBUG OUTPUT ---------------------- >> Fatal trap 12: page fault while in kernel mode >> fault virtual address = 0xc >> fault code = supervisor read, page not present >> instruction pointer = 0x8:0xc0651550 >> stack pointer = 0x10:0xd3d46aec >> frame pointer = 0x10:0xd3d46af8 >> code segment = base 0x0, limit 0xfffffm type 0x1b >> = DPL 0, pres 1, def32 1, gran 1 >> processor eflags = interrupt enabled, resume, IOPL = 0 >> current process = 27 (swi1:net) >> [thread pid 27 tid 100021 ] >> Stopped at m_copydata+0x28: movl 0xc(%esi),%eax >> db> examine >> m_copydata+0x28: 290c468b >> db> trace >> Tracing pid 27 tid 100021 td 0xc15a4180 >> mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28 >> ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1 >> ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f >> fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c >> fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a >> pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb >> ip_input(c17fa400) at ip_input+0x211 >> netisr_processqueue(c08f9858) at netisr_processqueue+0x9f >> swi_net(0) at swi_net+0xee >> ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151 >> fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74 >> fork_trampoline() at fork_trampoline+0x8 >> --- trap 0x1, eip = 0, esp = 0xd3d46d6c, ebp = 0 --- >> >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >> >> >> > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >