Date: Mon, 14 Jul 2025 02:07:09 +0300
From: Christos Chatzaras <chris@cretaforce.gr>
To: Vadim Goncharov <vadimnuclight@gmail.com>
Cc: freebsd-net <freebsd-net@freebsd.org>, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Subject: Re: Issues with IPFW skipto Rule and Whitelisting Logic
Message-ID: <BE359828-592D-4ECA-9F19-1D58AA707461@cretaforce.gr>
In-Reply-To: <20250714001805.073389b5@nuclight.lan>
References: <3A01EF48-EBE8-48C3-9C66-6A250A240341@cretaforce.gr> <BFBEBAE0-E768-4E8D-9DB6-0AAD9D0EF931@cretaforce.gr> <20250714001805.073389b5@nuclight.lan>
> Did you try to remove `-q` from all your scripts and see if there are errors?
> Maybe something in dmesg? Adding another log rule for your test IP? tcpdump?
>
> --
> WBR, @nuclight

ipfw -q add 00032 count log logamount 0 ip from 175.178.0.0/16 to any

After that, I checked /var/log/security while trying to connect from 175.178.167.241 (I can only use a web interface they provide me to test the connection). During these tests, I saw DNS requests coming from 175.178.254.144 and 175.178.136.250 to port 53, which I assume are their DNS resolvers. Once I added those two IPs to table(3), I could no longer reproduce the issue. I will test again tomorrow, but I'm now quite sure the real problem was DNS resolution failing because those resolver IPs were blocked.
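The diagnosis described in the message, as an added example that is not the poster's own script: given the lines a `count log` rule writes to /var/log/security, pull out every source address that was seen talking to port 53 and emit the `ipfw table` adds for them. The log lines, the host and interface names, the destination address 203.0.113.10 and the use of table 3 as the whitelist are constructed for the example; the field layout assumed for ipfw log lines is `ipfw: RULE ACTION PROTO SRC:PORT DST:PORT ...` and only IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Extract the source addresses that an ipfw "count log" rule saw sending
# to port 53, so the resolvers can be added to the whitelist table.
#
# Assumptions (not stated in the message): lines follow the ipfw(8)
# syslog format "ipfw: RULE ACTION PROTO SRC:SPORT DST:DPORT in via IF",
# addresses are IPv4, and the whitelist is ipfw table 3.

# Constructed sample of /var/log/security lines for rule 32.
SAMPLE_LOG='Jul 14 01:55:12 host kernel: ipfw: 32 Count UDP 175.178.254.144:53412 203.0.113.10:53 in via vtnet0
Jul 14 01:55:12 host kernel: ipfw: 32 Count UDP 175.178.136.250:41007 203.0.113.10:53 in via vtnet0
Jul 14 01:55:13 host kernel: ipfw: 32 Count TCP 175.178.167.241:50234 203.0.113.10:443 in via vtnet0
Jul 14 01:55:14 host kernel: ipfw: 32 Count UDP 175.178.254.144:53413 203.0.113.10:53 in via vtnet0'

# dns_clients RULENUM < logfile
# Prints, de-duplicated and in first-seen order, the source IPs that the
# given rule logged with destination port 53 over UDP or TCP.
dns_clients() {
    rule="$1"
    awk -v rule="$rule" '
        $0 ~ /ipfw: / {
            # Locate the "ipfw:" token; the fields after it are
            # RULE ACTION PROTO SRC:SPORT DST:DPORT ...
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
            if ($(i + 1) != rule) next
            proto = $(i + 3); src = $(i + 4); dst = $(i + 5)
            if (proto != "UDP" && proto != "TCP") next
            n = split(dst, d, ":")
            if (d[n] != "53") next
            split(src, s, ":")          # IPv4 only: "addr:port"
            ip = s[1]
            if (!(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# whitelist_cmds TABLE RULENUM < logfile
# Emits the ipfw(8) commands that add each DNS client to TABLE.
# "-q" is deliberately left out so that any error is visible, which is
# the point raised in the quoted reply.
whitelist_cmds() {
    table="$1"
    rule="$2"
    dns_clients "$rule" | while read -r ip; do
        printf 'ipfw table %s add %s\n' "$table" "$ip"
    done
}

# Stand-alone run: print the commands for the constructed sample.
# To use against the real log, replace the sample with
#   whitelist_cmds 3 32 < /var/log/security
# and afterwards confirm an entry with
#   ipfw table 3 lookup 175.178.254.144
printf '%s\n' "$SAMPLE_LOG" | whitelist_cmds 3 32
```

The script only prints the `ipfw table` commands; review them before piping into `sh`, since anything that answered on port 53 from the /16 ends up whitelisted.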
