Date: Mon, 5 Oct 2015 16:42:30 -0500 From: Adam Vande More <amvandemore@gmail.com> To: Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: PF stops tmux from working?! Message-ID: <CA%2BtpaK3acPf2QvWDtC78EqEdawunK__nMwi8UmfjDx5gmZXj5w@mail.gmail.com> In-Reply-To: <5612E791.4040708@kulturflatrate.net> References: <5612E791.4040708@kulturflatrate.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 5, 2015 at 4:11 PM, Niklaas Baudet von Gersdorff <
niklaas@kulturflatrate.net> wrote:
> I have a host with several jails on it. The jails have a public IPv6
> assigned to the external interface. Using PF as firewall, I was used to
> block all incoming traffic and I initially set
>
> > pass out on $ext_if proto { tcp udp } all
>
> Recently, I changed the settings to also restrict outgoing traffic. E.g.
> there are some jails that are only allowed to send traffic within my
> IPv6 network.
>
> Since I restricted the access, in some jails, I cannot use tmux anymore
> which I don't understand because I wouldn't have thought of a relation
> between a terminal multiplexer and a firewall.
>
> > tmux -vvvvvvvv
>
> created some logfiles that I attached but they don't look promising.
> (The respective tmux-client-19034.log is empty.)
>
> I have read that it's possible to do some debugging with
>
> > truss tmux
>
> which, in fact, turned out some results that might relate the
> dysfunction of tmux to the changes of the firewall. The full file is
> attached, the lines that I assume relevant follow:
>
> > connect(5,{ AF_UNIX "/tmp/tmux-1001/default" },24) ERR#61 'Connection
> refused'
> > stat("/usr/share/nls/C/libc.cat",0x7fffffffdcd8) ERR#2 'No such file or
> directory'
> > stat("/usr/share/nls/libc/C",0x7fffffffdcd8) ERR#2 'No such file or
> directory'
> > stat("/usr/local/share/nls/C/libc.cat",0x7fffffffdcd8) ERR#2 'No such
> file or directory'
> > stat("/usr/local/share/nls/libc/C",0x7fffffffdcd8) ERR#2 'No such file
> or directory'
> [...]
> > socket(PF_INET,SOCK_DGRAM,0) ERR#43 'Protocol not
> supported'
> > poll({4/POLLIN},1,0) = 0 (0x0)
> > fcntl(0,F_GETFL,) = 6 (0x6)
> > fcntl(0,F_SETFL,0x2) = 0 (0x0)
> > process exit, rval = 1
>
> I have no clue what the above line mean but what made me suspicious is line
>
> > socket(PF_INET,SOCK_DGRAM,0) ERR#43 'Protocol not
> supported'
>
> because I relate "/PF/_INET" to the /pf/ firewall. Searching for
>
PF_INET != PF. Your issue isn't related to a firewall at all but rather
your previous question.
tmux is attempting to open an IPv4 socket and in your environment it isn't
supported.
--
Adam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BtpaK3acPf2QvWDtC78EqEdawunK__nMwi8UmfjDx5gmZXj5w>