Hello.

Today a box of mine (8.4p16/amd64) stopped working as a router; I don't have a clear picture, but the internal nets were working perfectly, while the external interfaces lagged, dropped connections or stopped packets from passing.

The box is running pf (for handling multiple Internet lines) + ipfw (for firewalling).
I tried a simple telnet xxx:80 and this is what I observed:
_ tcpdump would see packets going out and replies coming in;
_ an early ipfw allow rule with setup keep-state would see no packet going out and would not create any dynamic rule.

This led me to look into pf...
"/etc/rc.d/pf restart" did not solve it.
"/etc/rc.d/pf stop ; /etc/rc.d/pf start" did!



These are my pf rules:
pass out quick inet from 192.168.x.0/24 to 192.168.y.0/24 no state
pass out quick inet from 192.168.x.0/24 to 192.168.z.0/24 no state
pass out log quick route-to (vlan3 192.168.x.x) inet from 192.168.x.0/24 to ! 192.168.x.0/24 no state
pass out quick inet from a.b.c.d/29 to 192.168.y.0/24 no state
pass out quick inet from a.b.c.d/29 to 192.168.z.0/24 no state
pass out log quick route-to (vlan1 a.b.c.e) inet from a.b.c.d/29 to ! a.b.c.d/29 no state
pass out quick inet from i.j.k.l/29 to 192.168.z.0/24 no state
pass out quick inet from i.j.k.l/29 to 192.168.z.0/24 no state
pass out log quick route-to (vlan2 i.j.k.m) inet from i.j.k.l/29 to ! i.j.k.l/29 no state

These rules are working fine, but have already hung twice in two weeks (once on this box, once on an almost identical one).



Is there any known problem wrt running pf? pf+ipfw? pf on 8.4?
Any hint on how to search for what's wrong?



 bye & Thanks
        av.

P.S. Please forgive me, but I'm quite a noob with pf.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[email protected]"
