Date: Mon, 13 Jun 2005 08:43:53 +0200 (CEST) From: Vladimir Botka <vlado@botka.homeunix.org> To: Damon Hopkins <damon@hopkins-family.org> Cc: freebsd-stable@freebsd.org Subject: Re: ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT Message-ID: <20050613084033.R23434@localhost> In-Reply-To: <42ACA2F4.80105@hopkins-family.org> References: <42ACA2F4.80105@hopkins-family.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, if your "Vonage linksys RT31P2" talks H323 try /usr/ports/net/gatekeeper in proxy mode. Cheers, Vladimir Botka On Sun, 12 Jun 2005, Damon Hopkins wrote: > I can reproduce this very easily.. I pick up my phone and make a call > Current Setup > <Cable Modem>---<FreeBSD 5.4 Stable>---<HUB>--<Machines> > \------<Vonage Linksys RT31P2> > > I've tried various nap rules and ipf filter settings.. here are the > current mappings and setup.. the kernel is GENERIC w/ the debuggong > stuff put in it. > ---------------- IPNAT RULES -------------------- > map vr0 10.69.0.0/24 -> 0/32 proxy port ftp ftp/tcp > map vr0 10.69.0.0/24 -> 0/32 > > ----------------- IPF RULES --------------------- > pass in quick on lo0 proto tcp from any to any flags S keep state > pass in quick on lo0 proto udp from any to any keep state > pass in quick on lo0 proto icmp from any to any keep state > pass in quick on lo0 all keep state > pass out quick on lo0 proto tcp from any to any flags S keep state > pass out quick on lo0 proto udp from any to any keep state > pass out quick on lo0 proto icmp from any to any keep state > pass out quick on lo0 all keep state > > pass in quick on rl0 proto tcp from any to any flags S keep state > pass in log first quick on rl0 proto udp from any to any keep state > pass in log first quick on rl0 proto icmp from any to any keep state keep > frags > pass in quick on rl0 all keep state > pass out quick on rl0 proto tcp from any to any flags S keep state > pass out log first quick on rl0 proto udp from any to any keep state > pass out log first quick on rl0 proto icmp from any to any keep state > keep frags > pass out quick on rl0 all keep state > > pass in quick on vr0 proto tcp from any to any flags S keep state keep frags > pass in quick on vr0 proto udp from any to any keep state keep frags > pass in log first quick on vr0 proto icmp from any to any keep state > keep frags > pass in quick on vr0 all keep state keep frags > pass out quick on vr0 proto tcp from any to any flags S keep state keep > frags > pass out quick on vr0 proto udp from any to any keep state keep frags > pass out log first quick on vr0 proto icmp from any to any keep state > keep frags > pass out quick on vr0 all keep state keep frags > > pass in quick on ng0 proto tcp from any to any flags S keep state > pass in quick on ng0 proto udp from any to any keep state > pass in log first quick on ng0 proto icmp from any to any keep state > pass in quick on ng0 all keep state > pass out quick on ng0 proto tcp from any to any flags S keep state > pass out quick on ng0 proto udp from any to any keep state > pass out log first quick on ng0 proto icmp from any to any keep state > pass out quick on ng0 all keep state > > <SNIP> MORE ng rules form my other VPNS </SNIP> > I've also just tried to pass everything > pass in quick on vr0 all > pass out quick on vr0 all > > but that didn't help any > > I've notices a lot of UDP traffic from the linksys adapter durring a phone > call.. > > Thanks Guys.. I hope this gets fixes real fast cause my old number goes away > in a few days and this is not going to be fun.. I can't put the linksys > adapter in front of the firewall because it doesn't route my VPN's.. we use > MPD and bgpd (zebra) > > > Later, > Damon Hopkins > > ------------- DEBUG OUTPUT ---------------------- > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0xc > fault code = supervisor read, page not present > instruction pointer = 0x8:0xc0651550 > stack pointer = 0x10:0xd3d46aec > frame pointer = 0x10:0xd3d46af8 > code segment = base 0x0, limit 0xfffffm type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 27 (swi1:net) > [thread pid 27 tid 100021 ] > Stopped at m_copydata+0x28: movl 0xc(%esi),%eax > db> examine > m_copydata+0x28: 290c468b > db> trace > Tracing pid 27 tid 100021 td 0xc15a4180 > mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28 > ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1 > ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f > fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c > fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a > pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb > ip_input(c17fa400) at ip_input+0x211 > netisr_processqueue(c08f9858) at netisr_processqueue+0x9f > swi_net(0) at swi_net+0xee > ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151 > fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip = 0, esp = 0xd3d46d6c, ebp = 0 --- > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050613084033.R23434>