Hello all.
Can anyone ack that route-to/reply-to rules do not work on amd64?
I have the following rule in pf.conf:
pass in quick on $limit_if inet proto icmp icmp-type echoreq \
reply-to ($limit_if $limit_gw)
It does not work (IPs replaced via corresponding macros by me),
see tcpdump(8) output:
02:00:58.171084 77.108.65.40 > ($limit_if): icmp: echo request
02:00:58.171113 77.108.65.40 > $limit_gw: icmp: echo request
Yep, such weird. And when I remove "reply-to" clause, it works as
intended:
01:53:11.174644 77.108.65.40 > ($limit_if): icmp: echo request
No ICMP replies seen - they try to go via default route that is on
another interface.
There are similar problems with "route-to": it looks like acting as
"rdr-to", replacing destination IP address.
I have no problems on i386 firewall with same sort of setup.
System was updated via snapshot two days ago, and then kernel and
pfctl(8) were rebuilt then from source while debugging this case. Full
dmesg is at the end of letter.
Thank you for any responses.
--
Best wishes,
Vadim Zhukov
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
P.S.: Sorry for my bad English.
OpenBSD 4.6-current (GENERIC.MP) #11: Wed Sep 9 16:17:29 MSD 2009
p...@proxy.corp.arbat21.ru:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1071251456 (1021MB)
avail mem = 1036410880 (988MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xdc010 (43 entries)
bios0: vendor HP version "O22" date 04/09/2008
bios0: HP ProLiant DL120 G5
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SPMI EINJ HEST BERT SSDT ERST MCFG HPET APIC BOOT SPCR
SSDT SSDT SSDT
acpi0: wakeup devices USB4(S3) USB5(S3) USB7(S3) ESB2(S4) EXP1(S4) EXP2(S4)
EXP3(S4) EXP4(S4) EXP5(S4) EXP6
(S4) USB1(S3) USB2(S3) USB3(S3) USB6(S3) ESB1(S3) PCIB(S3) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU 3065 @ 2.33GHz, 2333.68 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 333MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU 3065 @ 2.33GHz, 2333.34 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEG1)
acpiprt2 at acpi0: bus -1 (PEG2)
acpiprt3 at acpi0: bus 5 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus -1 (EXP3)
acpiprt6 at acpi0: bus -1 (EXP4)
acpiprt7 at acpi0: bus 13 (EXP5)
acpiprt8 at acpi0: bus 14 (EXP6)
acpiprt9 at acpi0: bus 17 (PCIB)
acpicpu0 at acpi0: C3, PSS
acpicpu1 at acpi0: C3, PSS
acpibtn0 at acpi0: PWRB
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2333 MHz: speeds: 2333, 2000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 3200/3210 Host" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 3200/3210 PCIE" rev 0x01: apic 2 int 16
(irq 5)
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel PRO/1000 PT (82571EB)" rev 0x06: apic 2 int
16 (irq 5), address
00:15:17:93:a1:04
em1 at pci1 dev 0 function 1 "Intel PRO/1000 PT (82571EB)" rev 0x06: apic 2 int
17 (irq 10), address
00:15:17:93:a1:05
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 16 (irq
5)
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 17 (irq
10)
uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18 (irq
3)
ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 18 (irq
3)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb1 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 2 int 16 (irq
5)
pci2 at ppb1 bus 5
em2 at pci2 dev 0 function 0 "Intel PRO/1000 PT (82571EB)" rev 0x06: apic 2 int
16 (irq 5), address
00:1f:29:54:2f:78
em3 at pci2 dev 0 function 1 "Intel PRO/1000 PT (82571EB)" rev 0x06: apic 2 int
17 (irq 10), address
00:1f:29:54:2f:79
ppb2 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 2 int 16 (irq
5)
pci3 at ppb2 bus 13
vga1 at pci3 dev 0 function 0 "Matrox MGA G200e (ServerEngines)" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb3 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: apic 2 int 17 (irq
10)
pci4 at ppb3 bus 14
bge0 at pci4 dev 0 function 0 "Broadcom BCM5722" rev 0x00, BCM5755 C0 (0xa200):
apic 2 int 17 (irq 10),
address 00:1f:29:0e:7b:57
brgphy0 at bge0 phy 1: BCM5722 10/100/1000baseT PHY, rev. 0
uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 16 (irq
5)
uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 17 (irq
10)
uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18 (irq
3)
ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 16 (irq
5)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92
pci5 at ppb4 bus 17
pcib0 at pci0 dev 31 function 0 "Intel 82801IR LPC" rev 0x02
pciide0 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA, channel 0
configured to native-PCI,
channel 1 configured to native-PCI
pciide0: using apic 2 int 17 (irq 10) for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: <GB0160CAABV>
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 2 int 17
(irq 10)
iic0 at ichiic0
spdmem0 at iic0 addr 0x51: 1GB DDR2 SDRAM ECC PC2-6400CL5
pciide1 at pci0 dev 31 function 5 "Intel 82801I SATA" rev 0x02: DMA, channel 0
wired to native-PCI, channel
1 wired to native-PCI
pciide1: using apic 2 int 18 (irq 3) for native-PCI interrupt
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
mtrr: Pentium Pro MTRR support
uhidev0 at uhub5 port 2 configuration 1 interface 0 "ServerEngines SE USB
Device" rev 1.10/0.01 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub5 port 2 configuration 1 interface 1 "ServerEngines SE USB
Device" rev 1.10/0.01 addr 2
uhidev1: iclass 3/1
ums0 at uhidev1: 8 buttons, Z dir
wsmouse0 at ums0 mux 0
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
