From: Volker
Date: Thu, 14 Jun 2007 15:59:58 +0200
To: Roger Miranda
Cc: freebsd-pf@freebsd.org
Subject: Re: PF error message looping on screen. System Locked.
Message-ID: <467149DE.3080600@vwsoft.com>
In-Reply-To: <200706140833.50583.rmiranda@digitalrelay.ca>

On 06/14/07 15:33, Roger Miranda wrote:
> We are having a bit of a problem with FreeBSD and PF. We have transferred
> 150GB (+/-), yesterday over a FreeBSD 6.2 machine with IF_Bridge (acting as a
> transparent proxy)
>
> The issue is 5-8 hours after the boot up of the machine we get a PF loop (Fast,
> continuous loop, so we can not read the message) on the screen. The machine
> is completely unresponsive. But I noticed that the Num Lock (only the num
> lock button) button is still responsive.
>
> Thanks in advance for any help. I am still new at FreeBSD and pf, switching
> over from Linux.
>
> Here is a copy of my pf.conf and output of ifconfig.
>
> ----pf.conf----
> int_if="em1"
> ext_if="em0"
> net="XXX.XXX.0.XX/16"
> wac_ip="XXX.XXX.0.XX"
> set optimization conservative
>
> rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> pass in log on $int_if route-to lo0 inet proto tcp from any to any port 3128 keep state
>
> pass in log quick on $int_if proto tcp from any to any port 80 keep state
> pass in log quick on $int_if proto tcp from any to any port 443 keep state
>
> pass in log quick on $int_if proto tcp from any to $wac_ip port 8080 keep state
>
> pass in log quick proto icmp from any to any keep state
>
> block in log quick on $int_if proto tcp from any to any port 1863
>
> pass in log quick proto udp from any to any port 67:68 keep state
>
> pass in log quick proto udp from any to any port 53 keep state
>
> pass log quick proto tcp from any to any port 22 keep state
>
>
> ----Output: ifconfig-----
> em0: flags=8943 mtu 1500
>         options=48
>         ether 00:30:48:86:97:62
>         media: Ethernet autoselect (1000baseTX )
>         status: active
> em1: flags=8943 mtu 1500
>         options=48
>         inet XXX.XXX.0.XX netmask 0xffffff00 broadcast XXX.XXX.0.XXX
>         ether 00:30:48:86:97:63
>         media: Ethernet autoselect (1000baseTX )
>         status: active
> pfsync0: flags=0<> mtu 2020
>         syncpeer: 224.0.0.240 maxupd: 128
> pflog0: flags=0<> mtu 33208
> lo0: flags=8049 mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
> bridge0: flags=8843 mtu 1500
>         ether 36:3e:f7:b9:a3:4d
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: em1 flags=3
>         member: em0 flags=3

Roger,

I remember a discussion about your machine in stable@ some time ago.

> We have transferred 150GB (+/-)

Using sftp, ftp, http or ...?

Are you by any chance able to get a photo (with a fast shutter time) of the debug messages?

Do you have anything in /var/log/debug.log, /var/log/messages which might be useful?

I think we first need an idea of what messages are popping up.

Volker