Date: Mon, 4 Dec 2017 13:57:07 -0500 From: John Jasen <jjasen@gmail.com> To: Kristof Provost <kristof@sigsegv.be> Cc: FreeBSD PF <freebsd-pf@freebsd.org> Subject: Re: problems with tftp-proxy in 11.1? Message-ID: <9f0fc087-2aed-535e-c779-be0cc49cde26@gmail.com> In-Reply-To: <F42958A5-F0F6-44CE-A290-E21A1BFD517B@sigsegv.be> References: <e254d9bc-2246-648e-24b4-c5cd383b6f37@gmail.com> <F42958A5-F0F6-44CE-A290-E21A1BFD517B@sigsegv.be>
next in thread | previous in thread | raw e-mail | index | archive | help
rdr pass log proto udp \
=C2=A0=C2=A0 from {<all-public-ip-space>,<all-rfc1918-space>} \
=C2=A0=C2=A0 to <pxe-servers> port tftp \
=C2=A0=C2=A0 tag ALLOWED \
=C2=A0=C2=A0 -> 127.0.0.1 port 6969
There is a pass quick tagged ALLOWED later in rules.
/etc/inetd.conf contains:
acmsoda dgram=C2=A0=C2=A0 udp=C2=A0=C2=A0=C2=A0=C2=A0 wait=C2=A0=C2=A0=C2=
=A0 root=C2=A0=C2=A0=C2=A0 /usr/libexec/tftp-proxy tftp-proxy
Depending on circumstances, we see a lot or a very few of the following
messages:
"pf connection lookup failed (no rdr?)"
We also see very slow tftp response through the 11.1 firewall, with
occasional complete failures.
On 12/03/2017 11:40 AM, Kristof Provost wrote:
> On 2 Dec 2017, at 4:56, John Jasen wrote:
>> Attempts to run tftp-proxy across a freebsd system running pf result i=
n
>> very slow performance and an endless amount of:
>>
>> "pf connection lookup failed (no rdr?)"
>> Is there something that has regressed in 11.1, or am I missing somethi=
ng?
>>
> I=E2=80=99m not aware of any such regressions, but that of course doesn=
=E2=80=99t mean the
> can=E2=80=99t be there.
>
> Can you post the relevant bits of your rules/configuration? A small tes=
t case
> would be ideal.
>
> Regards,
> Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9f0fc087-2aed-535e-c779-be0cc49cde26>