From owner-freebsd-pf@FreeBSD.ORG  Wed Dec  7 22:23:03 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CFE9216A41F
	for <freebsd-pf@freebsd.org>; Wed,  7 Dec 2005 22:23:03 +0000 (GMT)
	(envelope-from rako29@gmail.com)
Received: from nproxy.gmail.com (nproxy.gmail.com [64.233.182.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7B09243D9B
	for <freebsd-pf@freebsd.org>; Wed,  7 Dec 2005 22:22:33 +0000 (GMT)
	(envelope-from rako29@gmail.com)
Received: by nproxy.gmail.com with SMTP id h2so151215nfe
	for <freebsd-pf@freebsd.org>; Wed, 07 Dec 2005 14:22:20 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:mime-version:content-type;
	b=O3kdKdU64Df+q5q0MEQ3DM6suHUuotxmIg5bJPeFq4CvDEvWDz4LK3X1BY/K0ojOiYhvLtU3a3FqrZb6ERG/f5GJmdVUhFkjJXt5ahabo7rlCyxpm56BH0TtiLN31NAUIWZ+EU0sDlxUjmyBBPIZASabBB404xSgBYzJY/VW8DA=
Received: by 10.48.43.4 with SMTP id q4mr125959nfq;
	Wed, 07 Dec 2005 14:22:19 -0800 (PST)
Received: by 10.48.233.18 with HTTP; Wed, 7 Dec 2005 14:22:19 -0800 (PST)
Message-ID: <b26feecb0512071422o65be82a7t713efa1dca897071@mail.gmail.com>
Date: Wed, 7 Dec 2005 19:22:19 -0300
From: =?ISO-8859-1?Q?Javier_Andr=E9s?= <rako29@gmail.com>
To: freebsd-pf@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Help with pf
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Dec 2005 22:23:04 -0000

Hello. I'm experiencing some problems with a i386 PC running a FreeBSD
RELENG_5 acting as a router with 2 external network interfaces. The major
problem is that the firewall starts to timeout and rejects requests, if the
pf rules were loaded more than 1 day ago. This problem occurs over one of
the two external network interface which is connected to an ADSL via PPPoE.
(please notice that the assignment of a new IP to the interface is not the
cause of the problem).

A solution I found is to reload the filter rules (pfctrl -f etc/pf.conf) in
the cron job.

Can you tell me which variables, parameters, or statistics can I look to
find the cause of this problem? The pflog log doesn't say anything strange
and neither does the netstat -m.

Thanks
Javier