Hello, we experience some problems with OpenBSD 5.0 and PF.
Overview of our setup:

- 1 server with OpenBSD 4.9 and PF configured (PF and dmesg as attachment).
- 1 server with a vanilla OpenBSD 5.0 installation and PF configured (PF and dmesg as attachment).

Both servers have a default gateway and NSD 3.2.9 (DNS) configured. The server with OpenBSD 5.0 is the primary nameserver and the other one is the slave. Before we installed the primary with OpenBSD 5.0, both ran with 4.9 perfectly without problems. Both servers are reachable and can communicate with each other. The PF configuration on the two is more or less the same.

Problem: If PF is enabled on the master and we want to notify the slave to update (/<PATH_TO_NSD>/sbin/nsdc notify) its configured zones, we always see errors like the ones shown below:

...
nsd-notify[5971]: warning: send to <IP> failed: No route to host.
...

This behaviour is only shown with activated PF and starts after a couple of zones have been transferred fine. We tested all combinations and think we have proof that the issue is linked with PF on OpenBSD 5.0:

primary  secondary  -> PF (ena)ble or (dis)able
dis      dis        -> No "no route to host" error.
ena      dis        -> nsd-notify[5971]: warning: send to <IP> failed: No route to host.
dis      ena        -> No "no route to host" error.
ena      ena        -> nsd-notify[26844]: warning: send to <IP> failed: No route to host.

Since the same issue sometimes also appears with ping and traceroute, we have reason to think that it is not linked to nscd. "nscd notify" is a reliable way to reproduce it.

Any hint for nailing down/getting rid of this issue is greatly appreciated, because the issue described currently is a clear showstopper for us.

Thank you in advance
Sébastien Maerker

--
Sébastien Maerker
Continum AG
Bismarckallee 7b-d
79098 Freiburg i. Br.
Tel. +49 761 217 111-77
Fax. +49 761 217 111-99
http://www.continum.net
Registered office: Freiburg im Breisgau
Register court: Amtsgericht Freiburg, HRB 6866
Executive board: Rolf Mathis, Volker T. Mueller
Chairman of the supervisory board: Prof. Dr. Karl-F. Fischbach

[Attachment: pf.conf, OpenBSD 5.0 server (primary)]

# $OpenBSD: pf.conf,v 1.50 2011/04/28 00:19:42 mikeb Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# Global Options
ext_if="em0"
my_ip="IP"
uni_ip="IP"
management="{ IPs }"
timeserver="IP"
openbsd_mirror="IP"
smtpserver="{ IPs }"

set loginterface em0
set block-policy return

# em0 - bad internet
# em1 - not configured
# lo0 - loopback

# Global default
block all

######################## INTERFACE em0 ############################

# INCOMING : connections to us

# SSH ssh
pass in on $ext_if proto TCP from $management to $my_ip port 22 flags S/SA keep state

# DNS dns
pass in on $ext_if proto { TCP, UDP } from any to $my_ip port 53 keep state

# ICMP icmp allow useful net helper packets 20111202 sma
pass in on $ext_if inet proto ICMP all icmp-type { 0, 3, 11 } keep state
pass in on $ext_if inet proto ICMP all icmp-type { 0, 3, 8, 11, 30 } keep state

# OUTGOING : connections from us

# SSH ssh
pass out on $ext_if proto TCP from $my_ip to any port 22 flags S/SA keep state

# DNS dns
pass out on $ext_if proto { TCP, UDP } from $my_ip to any port 53 keep state

# NTP ntp
pass out on $ext_if proto UDP from $my_ip to $timeserver port 123 keep state

# SMTP smtp
pass out on $ext_if proto TCP from $my_ip to $smtpserver port 25 keep state

# HTTP http
pass out on $ext_if proto TCP from $my_ip to $openbsd_mirror port 80 keep state

# ICMP icmp allow useful net helper packets
pass out on $ext_if inet proto ICMP all icmp-type { 0, 3, 11 } keep state
pass out on $ext_if inet proto ICMP all icmp-type { 0, 3, 8, 11, 30 } keep state

######################## INTERFACE em1 ############################

# Covered by block all

######################## INTERFACE lo0 ############################

# LO lo0
pass in on lo0 all
pass out on lo0 all

[Attachment: pf.conf, OpenBSD 4.9 server (slave)]

# $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# Global Options
ext_if="bge0"
my_ip="IP"
con_ip="IP"
management = "{ IPs }"
timeserver="IP"
openbsd_mirror="IP"
smtpserver="{ IPs }"

set loginterface bge0
set block-policy return

# bge0 - bad internet
# bge1 - not configured
# lo0 - loopback

# Global default
block all

######################## INTERFACE bge0 ############################

# INCOMING : connections to us

# SSH ssh
pass in on $ext_if proto TCP from $management to $my_ip port 22 flags S/SA keep state

# DNS dns
pass in on $ext_if proto { UDP TCP } from any to $my_ip port 53 keep state

# ICMP icmp allow useful net helper packets
pass in on $ext_if inet proto ICMP all icmp-type { 0, 3, 11 } keep state
pass in on $ext_if inet proto ICMP all icmp-type { 0, 3, 8, 11, 30 } keep state

# OUTGOING : connections from us

# SSH ssh
pass out on $ext_if proto TCP from $my_ip to any port 22 flags S/SA keep state

# DNS dns
pass out on $ext_if proto { TCP, UDP } from $my_ip to any port 53 keep state

# NTP ntp
pass out on $ext_if proto UDP from $my_ip to $timeserver port 123 keep state

# SMTP smtp
pass out on $ext_if proto TCP from $my_ip to $smtpserver port 25 keep state

# HTTP http
pass out on $ext_if proto TCP from $my_ip to $openbsd_mirror port 80 keep state

# ICMP icmp allow useful net helper packets
pass out on $ext_if inet proto ICMP all icmp-type { 0, 3, 11 } keep state
pass out on $ext_if inet proto ICMP all icmp-type { 0, 3, 8, 11, 30 } keep state

######################## INTERFACE bge0 ############################

# Covered by block all

######################## INTERFACE lo0 ############################

# LO lo0
pass in on lo0 all
pass out on lo0 all
