Date: Mon, 22 Apr 2002 00:00:17 +0200
From: Axel Scheepers
To: questions@freebsd.org
Subject: Funny ipnat ipf problem
Message-ID: <20020422000016.I82499@mars.thuis>

Hi All,

Being up for about 6 months, happily filtering, my ipf/ipnat setup suddenly
did weird things. After I reloaded my ruleset, it seemed that the order in
which packets get past these programs was switched.

A very simple test setup was this:

ipf.rules

    block in log on ed2
    pass out on ed2 from any to any flags S keep state
    pass in on ed2 from any to any port = 80 flags S keep state

ipnat.rules

    map ed2 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp
    map ed2 192.168.0.0/16 -> 0/32 portmap tcp/udp auto
    map ed2 192.168.0.0/16 -> 0/32
    rdr ed2 0.0.0.0/0 port 22 -> 192.168.0.5 port 80

which flooded my logs with denied packets to 192.168.x.x.

I tried to flush and reload my original nat and ipf ruleset, but still this
odd behavior. After a reboot, the machine was back in shape.

I'm curious: what happened? The logs don't show anything strange, except for
the sudden appearance of blocked packets to 192.168.x.x.

Gr,
-- 
Axel Scheepers
UNIX System Administrator

email: axel@axel.truedestiny.net
       a.scheepers@iae.nl
http://axel.truedestiny.net/~axel
------------------------------------------
Don't get suckered in by the comments -- they can be terribly
misleading. Debug only code.
        -- Dave Storer
------------------------------------------