From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Using authpf
Date: Thu, 16 Sep 2004 03:55:08 -0000
X-Original-Date: Mon, 27 Oct 2003 14:57:30 +0900
Message-ID: <20031027055730.GA1026@kt-is.co.kr>

On Sat, Oct 25, 2003 at 09:25:31AM +0200, novocaine@free.fr wrote:
> Quoting Pyun YongHyeon:
>
> > BTW, I authenticated successfully but got the following errors from
> > authpf.(running on -CURRENT)
>
> Thanks, I had it working. It seems my authpf.rules was wrong. I also had to
> create /var/authpf.
>
> >
> >
> > Oct 25 15:33:39 db authpf[693]: DIOCCOMMITRULES Invalid argument
> > Oct 25 15:33:39 db authpf[693]: removed 192.168.10.6, user pfuser - duration 1067063619 seconds
> > Oct 25 15:33:39 db authpf[693]: cannot unlink /var/authpf/192.168.10.6 (Permission denied)

The above error was a false alarm. authpf works like a charm. The unlink
error message came from my incorrect install. The authpf binary should have
the authpf gid.

>
> I have the same error, it seems harmless. Authpf is working as expected.
>

It's NOT harmless. If you still see the above error message, your setup
is not correct or there might be another bug in authpf.
Make sure the authpf executable reads as follows.

db# ls -al /usr/sbin/authpf
-r-sr-sr-x 1 root authpf 125400 Oct 25 15:30 /usr/sbin/authpf

(Of course, if you installed authpf from the port, authpf will reside in
the /usr/local/sbin directory.)

And the directory /var/authpf should have mode '0770', its uid should be
'root' and its gid should be 'authpf'.

Normally you should see the following messages in your /var/log/authpf.

...
Oct 27 14:39:37 db authpf[529]: allowing 192.168.10.6, user pfuser
Oct 27 14:45:53 db authpf[529]: removed 192.168.10.6, user pfuser - duration 376 seconds

After authenticating yourself, you can see the rule set applied by authpf
with 'pfctl -a authpf -vvsr'.

> Thanks again!
> - Olivier
>

--
Pyun YongHyeon
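
The ownership and modes described in the message above can be checked with a short script. This is an added example, not part of the original message or of authpf; the function names check_perms and audit_authpf are made up here, and the expected values (-r-sr-sr-x root:authpf for the binary, 0770 root:authpf for /var/authpf) are taken from the message.

```shell
#!/bin/sh
# Added example: audit the ownership and modes the message above asks for.
# check_perms and audit_authpf are names made up for this sketch.

# check_perms PATH MODE OWNER GROUP
# Compares `ls -ld` output (mode string, owner, group) with the expected values.
check_perms() {
    path=$1; want_mode=$2; want_owner=$3; want_group=$4
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"
        return 2
    fi
    # Keep 10 mode characters so an ACL or label suffix ('+', '.') is ignored.
    have=$(ls -ld "$path" | awk '{ print substr($1, 1, 10), $3, $4 }')
    have_mode=${have%% *}
    have_rest=${have#* }
    have_owner=${have_rest%% *}
    have_group=${have_rest#* }
    rc=0
    [ "$have_mode" = "$want_mode" ] ||
        { echo "BAD MODE  $path: $have_mode, expected $want_mode"; rc=1; }
    [ "$have_owner" = "$want_owner" ] ||
        { echo "BAD OWNER $path: $have_owner, expected $want_owner"; rc=1; }
    [ "$have_group" = "$want_group" ] ||
        { echo "BAD GROUP $path: $have_group, expected $want_group"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK        $path ($have_mode $have_owner:$have_group)"
    return "$rc"
}

# audit_authpf [BINARY] [STATE_DIR] [OWNER] [GROUP]
# Defaults follow the message; pass /usr/local/sbin/authpf for a port install.
audit_authpf() {
    bin=${1:-/usr/sbin/authpf}
    dir=${2:-/var/authpf}
    owner=${3:-root}
    group=${4:-authpf}
    status=0
    # setuid root + setgid authpf, as in the `ls -al` output quoted above
    check_perms "$bin" "-r-sr-sr-x" "$owner" "$group" || status=1
    # mode 0770 on the directory where authpf creates and unlinks per-IP files
    check_perms "$dir" "drwxrwx---" "$owner" "$group" || status=1
    return "$status"
}

audit_authpf "$@" || echo "authpf install does not match the expected layout" >&2
```

A missing setgid bit or wrong group on the binary shows up as BAD MODE or BAD GROUP, which corresponds to the "cannot unlink ... (Permission denied)" log line quoted in the thread.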