Mike Tancsa wrote:

>>The only thing I discovered a few days ago is that when I dial in to the
>>company network I have to unload and reload the filter rules to get ppp
>>over the tun0 device working. Before starting /usr/sbin/ppp I do an
>>ifconfig xl0 down to disable the cable modem interface completely.
>>Anybody any idea where I can start to debug this weird problem?
>
>What does your routing table look like before and after ?

Before:

    Destination        Gateway            Flags      Netif Expire
    default            212.83.94.94       UGSc        xl0
    127.0.0.1          127.0.0.1          UH          lo0
    192.168.1          link#3             UC          ed0 =>
    212.83.94.64/27    link#1             UC          xl0 =>
    212.83.94.94       0:90:2b:7e:f4:0    UHLW        xl0   1155

(ed0: internal network, xl0 cable modem interface)

xl0 is now shut down by my dialin script, and the old default route is
deleted before starting /usr/sbin/ppp:

    Destination        Gateway            Flags      Netif Expire
    default            172.16.122.2       UGSc       tun0
    127.0.0.1          127.0.0.1          UH          lo0
    172.16.122.2       172.16.122.66      UH         tun0
    192.168.1          link#3             UC          ed0 =>

As far as I can see they look pretty OK...

I just did some more testing, this is what I see:

- fresh reboot, xl0 gets its IP address via DHCP and ipf filter rules
  get loaded with a small script:

    # flush all rules
    ipf -D
    # enable ipmon
    ipmon -s &
    # load rules
    ipf -f /etc/ipf.conf
    # enable
    ipf -E

  W.r.t. filter rules for the tun0 interface:

    [...]
    # TUNNEL
    pass out quick on tun0
    pass in  quick on tun0
    [...]

  Cable modem connection works, filter rules work as well.

- Now I dial in to my company via /usr/sbin/ppp which uses the tun0
  device. Connection and PPP negotiations succeed successfully but
  there's no IP traffic possible. Only after executing my ipf.reload
  script:

    # flush all rules on the inactive list
    ipf -I -F a
    # load new ones
    ipf -I -f /etc/ipf.conf
    # swap rule sets
    ipf -s

  the PPP connection works (ipf.conf not changed of course).

- Now the fun part:

  - shut down the PPP connection, xl0 becomes 'up' again; cable modem
    works again.
  - dial in to the company again: PPP connection now works without
    running ipf.reload!
  - repeat until infinity...

So it seems that only initially something weird is going on with the
tun0 device. I've done the whole test three times and it's reproducible.

Arjan

-- 
Arjan de Vet, Eindhoven, The Netherlands              <[EMAIL PROTECTED]>
URL: http://www.iae.nl/users/devet/           for PGP key: finger [EMAIL PROTECTED]


