(quoting the whole email with attachments below for readers on the mailing list; attachments get stripped)
> memory 19339 0.3/s

In that case, vmstat -m might be useful too. Have any sysctl settings
been changed?

On 2011/12/07 10:11, Sebastien Maerker, Continum wrote:
> Hello,
>
> Thank you very much for your answers.
>
> Attached is the output of the commands "pfctl -vsr" and "pfctl -si" from
> the primary and secondary server.
>
> Thank you in advance
> Sébastien Maerker
>
> --
> Sébastien Maerker
> Continum AG
> Bismarckallee 7b-d
> 79098 Freiburg i. Br.
> Tel. +49 761 217 111-77
> Fax. +49 761 217 111-99
> http://www.continum.net
>
> Registered office: Freiburg im Breisgau
> Registration court: Amtsgericht Freiburg, HRB 6866
> Executive board: Rolf Mathis, Volker T. Mueller
> Chairman of the supervisory board: Prof. Dr. Karl-F. Fischbach
>
>
> ----- Original Message -----
> From: "Steven Chamberlain" <[email protected]>
> To: "Sebastien Maerker, Continum" <[email protected]>
> CC: "Stuart Henderson" <[email protected]>, [email protected]
> Sent: Tuesday, 6 December 2011 17:05:38
> Subject: Re: Problems with OpenBSD 5.0 and PF
>
> On 06/12/11 15:45, Sebastien Maerker, Continum wrote:
> > We have already tested the "block log all" and "tcpdump -nnei pflog0" with
> > activated PF on the primary, but we saw nothing/nothing was logged.
>
> Hi,
>
> Do you really mean that *nothing* was being logged at all? With 'block
> log all' at the start of your ruleset, I'd expect pretty much
> *everything* to be logged (because the 'log' flag also applies to
> packets that are later matched by a pass rule).
>
> Otherwise maybe you need to flush the state table with 'pfctl -F states'
> after starting tcpdump, before you see any new traffic logged. But be
> careful -- if you're controlling the server via ssh I imagine it would
> close the connection, so you'd better check first that your firewall
> ruleset accepts new connections to the ssh port.
>
> Perhaps share with us the output of 'pfctl -vsr' to show the active
> ruleset and the 'pfctl -si' counters, after enabling PF on the machine.
>
> Regards,
> --
> Steven Chamberlain
> [email protected]

(attachment: primary server, pfctl -vsr and pfctl -si)

> block return log all
>   [ Evaluations: 22976373  Packets: 1612      Bytes: 163183      States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 0     ]
> pass in on em0 inet proto tcp from LOCAL to PRIMARY port = ssh flags S/SA
>   [ Evaluations: 22976373  Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 0     ]
> pass in on em0 inet proto tcp from LOCAL to PRIMARY port = ssh flags S/SA
>   [ Evaluations: 162859    Packets: 11545     Bytes: 1366076     States: 3     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 3     ]
> pass in on em0 inet proto tcp from LOCAL to PRIMARY port = ssh flags S/SA
>   [ Evaluations: 162859    Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 0     ]
> pass in on em0 inet proto tcp from LOCAL to PRIMARY port = ssh flags S/SA
>   [ Evaluations: 162859    Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 0     ]
> pass in on em0 inet proto tcp from any to PRIMARY port = domain flags S/SA
>   [ Evaluations: 162859    Packets: 1952486   Bytes: 156996419   States: 39    ]
>   [ Inserted: uid 0 pid 23494 State Creations: 149175]
> pass out on em0 inet proto tcp from PRIMARY to LOCAL port = smtp flags S/SA
>   [ Evaluations: 165390    Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 0     ]
> pass out on em0 inet proto tcp from PRIMARY to LOCAL port = smtp flags S/SA
>   [ Evaluations: 5         Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 0     ]
> pass out on em0 inet proto tcp from PRIMARY to any port = ssh flags S/SA
>   [ Evaluations: 5         Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 0     ]
> pass out on em0 inet proto tcp from PRIMARY to any port = domain flags S/SA
>   [ Evaluations: 5         Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 0     ]
> pass out on em0 inet proto tcp from PRIMARY to OPENBSDMIRROR port = www flags S/SA
>   [ Evaluations: 5         Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 0     ]
> pass out on em0 inet proto udp from PRIMARY to any port = domain
>   [ Evaluations: 22813514  Packets: 1758      Bytes: 108460      States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 877   ]
> pass out on em0 inet proto udp from PRIMARY to TIMESERVER port = ntp
>   [ Evaluations: 2525      Packets: 4956      Bytes: 376656      States: 1     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 1166  ]
> pass out on em0 inet proto icmp all icmp-type echoreq code 0
>   [ Evaluations: 2531      Packets: 133450    Bytes: 11209800    States: 1     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 1     ]
> pass in on em0 inet proto udp from any to PRIMARY port = domain
>   [ Evaluations: 22976373  Packets: 53894775  Bytes: 6413293719  States: 8861  ]
>   [ Inserted: uid 0 pid 23494 State Creations: 22803973]
> pass in on em0 inet proto icmp all icmp-type echoreq code 0
>   [ Evaluations: 22973842  Packets: 466       Bytes: 39012       States: 0     ]
>   [ Inserted: uid 0 pid 23494 State Creations: 227   ]
>
> Status: Enabled for 0 days 18:50:28           Debug: err
>
> Interface Stats for em0               IPv4             IPv6
>   Bytes In                     12503041499                0
>   Bytes Out                    28691622514               64
>   Packets In
>     Passed                       175648715                0
>     Blocked                         128572                0
>   Packets Out
>     Passed                       174795842                1
>     Blocked                           1966                0
>
> State Table                          Total             Rate
>   current entries                     9142
>   searches                        56005712          825.7/s
>   inserts                         22949290          338.3/s
>   removals                        22940152          338.2/s
> Counters
>   match                           22970249          338.7/s
>   bad-offset                             0            0.0/s
>   fragment                               0            0.0/s
>   short                              11022            0.2/s
>   normalize                              0            0.0/s
>   memory                             19339            0.3/s
>   bad-timestamp                          0            0.0/s
>   congestion                             0            0.0/s
>   ip-option                              0            0.0/s
>   proto-cksum                            0            0.0/s
>   state-mismatch                         0            0.0/s
>   state-insert                           0            0.0/s
>   state-limit                            0            0.0/s
>   src-limit                              0            0.0/s
>   synproxy                               0            0.0/s

(attachment: secondary server, pfctl -vsr and pfctl -si)

> block return log all
>   [ Evaluations: 150044    Packets: 240       Bytes: 13567       States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass in on bge0 inet proto tcp from LOCAL to SECONDARY port = ssh flags S/SA keep state
>   [ Evaluations: 150044    Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass in on bge0 inet proto tcp from LOCAL to SECONDARY port = ssh flags S/SA keep state
>   [ Evaluations: 236       Packets: 4332      Bytes: 459888      States: 2     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 2     ]
> pass in on bge0 inet proto tcp from LOCAL to SECONDARY port = ssh flags S/SA keep state
>   [ Evaluations: 236       Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass in on bge0 inet proto tcp from LOCAL to SECONDARY port = ssh flags S/SA keep state
>   [ Evaluations: 236       Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass in on bge0 inet proto tcp from any to SECONDARY port = domain flags S/SA keep state
>   [ Evaluations: 236       Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass out on bge0 inet proto tcp from SECONDARY to LOCAL port = smtp flags S/SA keep state
>   [ Evaluations: 149470    Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass out on bge0 inet proto tcp from SECONDARY to LOCAL port = smtp flags S/SA keep state
>   [ Evaluations: 149017    Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass out on bge0 inet proto tcp from SECONDARY to any port = ssh flags S/SA keep state
>   [ Evaluations: 149017    Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass out on bge0 inet proto tcp from SECONDARY to any port = domain flags S/SA keep state
>   [ Evaluations: 149017    Packets: 1962846   Bytes: 157462919   States: 63    ]
>   [ Inserted: uid 0 pid 23716 State Creations: 149015]
> pass out on bge0 inet proto tcp from SECONDARY to OPENBSDMIRROR port = www flags S/SA keep state
>   [ Evaluations: 149017    Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass out on bge0 inet proto udp from SECONDARY to any port = domain keep state
>   [ Evaluations: 149808    Packets: 320       Bytes: 26296       States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 160   ]
> pass out on bge0 inet proto udp from SECONDARY to TIMESERVER port = ntp keep state
>   [ Evaluations: 217       Packets: 111       Bytes: 8436        States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 57    ]
> pass out on bge0 inet proto icmp all icmp-type echoreq code 0 keep state
>   [ Evaluations: 149234    Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 0     ]
> pass in on bge0 inet proto udp from any to SECONDARY port = domain keep state
>   [ Evaluations: 150044    Packets: 1132      Bytes: 69162       States: 0     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 564   ]
> pass in on bge0 inet proto icmp all icmp-type echoreq code 0 keep state
>   [ Evaluations: 810       Packets: 135186    Bytes: 11355400    States: 1     ]
>   [ Inserted: uid 0 pid 23716 State Creations: 6     ]
>
> Status: Enabled for 0 days 19:00:08           Debug: err
>
> Interface Stats for bge0              IPv4             IPv6
>   Bytes In                      3534472098                0
>   Bytes Out                     5672369615               64
>   Packets In
>     Passed                        45292784                0
>     Blocked                           6675                0
>   Packets Out
>     Passed                        46795234                1
>     Blocked                            216                0
>
> State Table                          Total             Rate
>   current entries                       60
>   searches                         2104339           30.8/s
>   inserts                           149810            2.2/s
>   removals                          149752            2.2/s
> Counters
>   match                             150053            2.2/s
>   bad-offset                             0            0.0/s
>   fragment                               0            0.0/s
>   short                                  4            0.0/s
>   normalize                              0            0.0/s
>   memory                                 0            0.0/s
>   bad-timestamp                          0            0.0/s
>   congestion                             0            0.0/s
>   ip-option                              0            0.0/s
>   proto-cksum                            0            0.0/s
>   state-mismatch                         2            0.0/s
>   state-insert                           0            0.0/s
>   state-limit                            0            0.0/s
>   src-limit                              0            0.0/s
>   synproxy                               0            0.0/s
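The reply above singles out the non-zero "memory" counter on the primary, which pf increments when it cannot allocate for a packet (a new state entry, for instance), and suggests vmstat -m as the next check. As an added example that is not part of this thread, the following Python script parses `pfctl -si` output into the State Table and Counters blocks and reports the resource counters (memory, state-limit, src-limit, congestion, state-insert) that are above zero, so the condition can be spotted in a cron job rather than by reading the table by eye. The sample input reproduces the primary server's counters as posted in the thread, laid out as pfctl prints them. `state_utilization` takes the state-table limit as a parameter rather than assuming one; the 10000 used in the demo call at the bottom is a placeholder, and the real value for a host is the "states" hard limit shown by `pfctl -sm`.

```python
import re

# Counters from the "Counters" block of `pfctl -si` that mean pf itself could
# not handle a packet, as opposed to a rule deciding to block it.  "memory" is
# the one rising on the thread's primary server (19339 total, 0.3/s).
RESOURCE_COUNTERS = ("memory", "state-limit", "src-limit", "congestion", "state-insert")

# Sample input: the primary server's `pfctl -si` output as posted in the
# thread, reproduced here so the script runs offline.
SAMPLE_PFCTL_SI = """\
Status: Enabled for 0 days 18:50:28           Debug: err

Interface Stats for em0               IPv4             IPv6
  Bytes In                     12503041499                0
  Bytes Out                    28691622514               64
  Packets In
    Passed                       175648715                0
    Blocked                         128572                0
  Packets Out
    Passed                       174795842                1
    Blocked                           1966                0

State Table                          Total             Rate
  current entries                     9142
  searches                        56005712          825.7/s
  inserts                         22949290          338.3/s
  removals                        22940152          338.2/s
Counters
  match                           22970249          338.7/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                              11022            0.2/s
  normalize                              0            0.0/s
  memory                             19339            0.3/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
"""

# One "name  total [rate/s]" line inside the State Table or Counters block.
# The name may contain a hyphen ("bad-offset") or one space ("current entries").
LINE_RE = re.compile(r"^\s*([a-z][a-z-]*(?: [a-z]+)?)\s+(\d+)(?:\s+(\d+\.\d+)/s)?\s*$")


def parse_pfctl_si(text):
    """Parse `pfctl -si` text into {"state": {...}, "counters": {...}}.

    Each entry maps a name to (total, rate_per_second); the rate is None for
    "current entries", which pfctl prints without one.
    """
    result = {"state": {}, "counters": {}}
    section = None
    for line in text.splitlines():
        head = line.strip()
        if head.startswith("State Table"):
            section = "state"
            continue
        if head.startswith("Counters"):
            section = "counters"
            continue
        if section is None:          # still in the interface-stats block
            continue
        match = LINE_RE.match(line)
        if match:
            name, total, rate = match.groups()
            result[section][name] = (int(total), float(rate) if rate else None)
    return result


def resource_warnings(info, names=RESOURCE_COUNTERS):
    """Return the resource counters that are non-zero as {name: (total, rate)}.

    An empty dict means pf kept up with the traffic it saw.
    """
    counters = info["counters"]
    return {name: counters[name] for name in names
            if name in counters and counters[name][0] > 0}


def state_utilization(info, states_limit):
    """Percentage of the state-table limit in use, rounded to one decimal.

    states_limit must come from `pfctl -sm` on the host being checked; it is
    a per-host setting, so nothing is assumed here.
    """
    current = info["state"]["current entries"][0]
    return round(100.0 * current / states_limit, 1)


if __name__ == "__main__":
    info = parse_pfctl_si(SAMPLE_PFCTL_SI)
    for name, (total, rate) in resource_warnings(info).items():
        print(f"WARNING {name}: {total} packets dropped, {rate}/s")
    # 10000 is a placeholder for the demo only; read the real limit with `pfctl -sm`.
    print(f"state table at {state_utilization(info, 10000)}% of the assumed limit")
```

On a live host the same functions can be fed `subprocess.run(["pfctl", "-si"], capture_output=True, text=True).stdout`; a non-empty result from `resource_warnings` is the signal to look at vmstat -m and the state-table limit, as the reply above suggests, rather than at the ruleset.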
