Hi
I moved from 4.6 to 4.7 and rewrote my pf.conf rules to match the new style.
Everything works fine, but when I try to traceroute a host with the -I flag
(force use of ICMP) on my obsd fw,
I get request timeouts on all hops except the last one, which was my
target to traceroute. Here is an example:
[ns]~$ traceroute -I data.bg
traceroute to data.bg (195.149.248.130), 64 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 web.data.bg (195.149.248.130) 0.740 ms 0.707 ms 0.733 ms
As you can see, only the last hop is present.
Example without the -I flag (using UDP):
[ns]~$ traceroute data.bg
traceroute to data.bg (195.149.248.130), 64 hops max, 40 byte packets
1 gw.tbc.bg (94.26.7.33) 0.591 ms 0.462 ms 0.443 ms
2 peer.tbc.bg (94.26.50.2) 0.961 ms 1.317 ms 1.965 ms
3 85.91.141.65 (85.91.141.65) 0.866 ms 0.905 ms 1.93 ms
4 web.data.bg (195.149.248.130) 0.847 ms 0.732 ms 0.712 ms
When I use 'tracert host' on an MS Windows box behind my obsd fw, I get the
same behavior:
C:\Users\Administrator>tracert data.bg
Tracing route to data.bg [195.149.248.130]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms ns.bsdbg.net [192.168.1.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 <1 ms 1 ms 1 ms web.data.bg [195.149.248.130]
Trace complete.
Here the first hop is my obsd fw. I used tcpdump to see what actually happens:
[ns]~# tcpdump -nettti pflog0 host vlado and icmp
tcpdump: listening on pflog0, link-type PFLOG
Aug 19 02:29:32.165656 rule 85/(match) pass in on em1: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168104 rule 120/(match) pass out on em0: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168117 rule 17/(match) match out on em0: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168128 rule 16/(match) match out on em0: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168593 rule 120/(match) pass in on em0: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:33.168613 rule 14/(match) block out on em1: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:36.960715 rule 120/(match) pass in on em0: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:40.960831 rule 120/(match) pass in on em0: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:44.962196 rule 120/(match) pass in on em0: 94.26.50.2 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:48.961438 rule 120/(match) pass in on em0: 94.26.50.2 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:52.961678 rule 120/(match) pass in on em0: 94.26.50.2 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:56.960795 rule 120/(match) pass in on em0: 85.91.141.65 > 192.168.1.2: icmp: time exceeded in-transit
Aug 19 02:30:00.960785 rule 120/(match) pass in on em0: 85.91.141.65 > 192.168.1.2: icmp: time exceeded in-transit
Aug 19 02:30:05.002249 rule 120/(match) pass in on em0: 85.91.141.65 > 192.168.1.2: icmp: time exceeded in-transit
Aug 19 02:30:08.960640 rule 120/(match) pass in on em0: 195.149.248.130 > 192.168.1.2: icmp: echo reply
Aug 19 02:30:08.961639 rule 120/(match) pass in on em0: 195.149.248.130 > 192.168.1.2: icmp: echo reply
Aug 19 02:30:08.962888 rule 120/(match) pass in on em0: 195.149.248.130 > 192.168.1.2: icmp: echo reply
When I turn off pf (pfctl -d), 'traceroute -I' works as it should.
I really don't know what is happening.
Thanks in advance,
Atanas
Here is my pf.conf
##############
pf.conf
##############
################ Macros ######################
### Interfaces ###
ExtIf ="em0"
IntIf ="em1"
### Hosts ###
vl="192.168.1.2"
jl="192.168.1.3"
ve="192.168.1.4"
ntp="192.168.1.5"
### Queues, States and Types ###
IcmpType ="icmp-type 8 code 0"
SynState ="flags S/SAFR synproxy state"
TcpState ="flags S/SAFR modulate state"
UdpState ="keep state"
### Ports ###
# Squid
squid="2020"
# Remote Desktop Connection
rdc_int="3389"
rdc_ext="4000"
# Skype
vl_skype="30001"
jl_skype="30002"
ve_skype="30003"
# uTorrent
vl_torrent="30004"
jl_torrent="30005"
ve_torrent="30006"
urange="30004:30006"
# HFS
vl_hfs="8080"
# VsFTP
ftprange="55000:60000"
FtpPort ="8021"
# Symux
symux="2100"
# Battle.net
bnet="6112"
# Ssh
ssh_ext="443"
### Stateful Tracking Options (STO) ###
ExtIfSTO ="(max 9000, source-track rule, max-src-conn 2000, max-src-nodes 254)"
IntIfSTO ="(max 250, source-track rule, max-src-conn 100, max-src-nodes 254, max-src-conn-rate 75/20)"
PostfxSTO ="(max 100, source-track rule, max-src-states 5, max-src-nodes 30, max-src-conn-rate 10/300, overload <BLACKLIST> flush global, tcp.established 45)"
SpamdSTO ="(max 500, source-track rule, max-src-conn 10, max-src-nodes 300, max-src-conn-rate 2/300, tcp.established 10)"
SshSTO ="(max 10, source-track rule, max-src-conn 10, max-src-nodes 5, max-src-conn-rate 20/60, overload <OVERLOAD_SSH> flush global)"
ntpSTO ="(max 500, source-track rule, max-src-states 30, max-src-conn-rate 20/5, overload <OVERLOAD_NTP> flush global)"
TorSTO ="(max 250, source-track rule, max-src-conn 1, max-src-nodes 250, max-src-conn-rate 3/300, tcp.established 60)"
ApacheSTO ="(max 30, source-track rule, max-src-conn 10, max-src-nodes 4, max-src-conn-rate 20/60, tcp.established 60)"
### Tables ###
table <BLACKLIST> persist file "/etc/blacklist"
table <OVERLOAD_SSH> persist
table <OVERLOAD_NTP> persist
table <bgnets> file "/etc/bgnets"
table <spamd-white> persist
table <proxy-users> persist { 80.251.14.106, 193.110.130.103, 85.92.222.254, \
72.93.1.168, 76.19.242.55 }
table <isp> persist { 94.26.0.0/17 }
################ Options ######################################################
### Misc Options
set debug urgent
set reassemble yes
set require-order yes
set block-policy drop
set loginterface $ExtIf
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none
### Timeout Options
set optimization aggressive
set timeout { frag 30, tcp.established 1200 }
set timeout { tcp.first 30, tcp.closing 30, tcp.closed 30, tcp.finwait 30 }
set timeout { udp.first 30, udp.single 30, udp.multiple 30 }
set timeout { other.first 30, other.single 30, other.multiple 30 }
################ Queueing ####################################################
altq on $ExtIf bandwidth 100% hfsc queue { BG, INTER, ISP }
queue INTER bandwidth 2% hfsc (upperlimit 1960Kb) \
{ i_ntp, i_ack, i_dns, i_ssh, i_http, i_bulk, i_bittor }
queue i_ntp bandwidth 10% priority 8 qlimit 500 hfsc (realtime 10%)
queue i_ack bandwidth 30% priority 7 qlimit 500 hfsc (realtime 25%)
queue i_dns bandwidth 10% priority 6 qlimit 500 hfsc (realtime 3% )
queue i_ssh bandwidth 1% priority 6 qlimit 500 hfsc (realtime 2% )
queue i_http bandwidth 20% priority 5 qlimit 500 hfsc (realtime (25%, 5000, 15%))
queue i_bulk bandwidth 28% priority 4 qlimit 500 hfsc (realtime 20% default)
queue i_bittor bandwidth 1% priority 0 qlimit 2000 hfsc (upperlimit 90%)
queue BG bandwidth 30% hfsc (upperlimit 30Mb) \
{ b_ack, b_dns, b_ntp, b_skype b_rdc, b_http, b_bulk, b_bittor }
queue b_ack bandwidth 10% priority 8 qlimit 500 hfsc (realtime 10%)
queue b_dns bandwidth 1% priority 7 qlimit 500 hfsc (realtime 1% )
queue b_ntp bandwidth 1% priority 6 qlimit 500 hfsc (realtime 1% )
queue b_skype bandwidth 10% priority 5 qlimit 500 hfsc (realtime 10%)
queue b_rdc bandwidth 10% priority 4 qlimit 500 hfsc (realtime 10%)
queue b_http bandwidth 30% priority 3 qlimit 500 hfsc (realtime 30%)
queue b_bulk bandwidth 37% priority 2 qlimit 500 hfsc (realtime 10%)
queue b_bittor bandwidth 1% priority 0 qlimit 500 hfsc (upperlimit 93%)
queue ISP bandwidth 65% hfsc { isp_ack, isp_bulk }
queue isp_ack bandwidth 10% priority 8 qlimit 500 hfsc (realtime 10%)
queue isp_bulk bandwidth 90% priority 5 qlimit 500 hfsc
################ Translation and Filtering ###################################
### Blocking spoofed packets: enable "set state-policy if-bound" above
antispoof log quick for { lo0 $IntIf ($ExtIf) }
### Block to/from illegal sources/destinations
block quick inet6
block in quick on $ExtIf from <BLACKLIST> to any
block in quick on $ExtIf inet proto tcp from <OVERLOAD_SSH> to $ExtIf port $ssh_ext
block in quick on $ExtIf inet proto udp from <OVERLOAD_NTP> to $ExtIf port ntp
block in quick on $ExtIf inet from any to 255.255.255.255
block in log quick on $ExtIf inet from urpf-failed to any
block in log quick on $ExtIf inet from no-route to any
### BLOCK all in/out on all interfaces by default and log
block log on $ExtIf
block return log on $IntIf
### Network Address Translation (NAT with outgoing source port randomization)
match out log on egress from (self) \
to any tag SELF nat-to ($ExtIf:0) port 1024:65535
match out log on egress from !$ExtIf \
to any nat-to ($ExtIf:0) port 1024:65535
### Packet normalization ( "scrubbing" )
match log on $ExtIf all scrub (random-id no-df reassemble tcp max-mss 1460)
### Ftp ( secure ftp proxy for LAN )
anchor "ftp-proxy/*"
### $ExtIf inbound ################
# Named ( bind dns )
pass in log on $ExtIf inet proto udp from any \
to ($ExtIf) port domain $UdpState queue i_dns rdr-to lo0
pass in log on $ExtIf inet proto udp from <bgnets> \
to ($ExtIf) port domain $UdpState queue b_dns rdr-to lo0
# OpenSSH
# pass in log on $ExtIf inet proto tcp from any \
# to ($ExtIf) port ssh $TcpState $SshSTO queue b_bulk rdr-to lo0
# Postfix
pass in log on $ExtIf inet proto tcp from <spamd-white> \
to ($ExtIf) port smtp $SynState $PostfxSTO queue i_skype rdr-to lo0
pass in log on $ExtIf inet proto tcp from !<spamd-white> \
to ($ExtIf) port smtp $SynState $PostfxSTO rdr-to lo0 port spamd
# Apache
pass in log on $ExtIf inet proto tcp from <bgnets> \
to ($ExtIf) port www $SynState $ApacheSTO queue (b_http, b_ack) rdr-to lo0
pass in log on $ExtIf inet proto tcp from !<bgnets> \
to ($ExtIf) port www $SynState $ApacheSTO queue (i_http, i_ack) rdr-to lo0
# Ntpd ( time server )
pass in log on $ExtIf inet proto udp from any \
to ($ExtIf) port ntp $UdpState $ntpSTO queue i_ntp tag NTP rdr-to $ntp
pass in log on $ExtIf inet proto udp from <bgnets> \
to ($ExtIf) port ntp $UdpState $ntpSTO queue b_ntp tag NTP rdr-to $ntp
pass in log on $ExtIf inet proto udp from <isp> \
to ($ExtIf) port ntp $UdpState $ntpSTO queue isp_ack tag NTP rdr-to $ntp
# RDC_BG
pass in log on $ExtIf inet proto tcp from <bgnets> \
to ($ExtIf) port $rdc_ext $SynState queue (b_rdc) tag RDC rdr-to $vl port $rdc_int
# Squid
pass in log on $ExtIf inet proto tcp from <proxy-users> \
to ($ExtIf) port $squid $SynState rdr-to lo0
# Skype (queue BG)
pass in log on $ExtIf inet proto {tcp, udp} from <bgnets> \
to ($ExtIf) port $vl_skype $TcpState queue (b_skype) tag SKYPE rdr-to $vl
pass in log on $ExtIf inet proto {tcp, udp} from <bgnets> \
to ($ExtIf) port $jl_skype $TcpState queue (b_skype) tag SKYPE rdr-to $jl
pass in log on $ExtIf inet proto {tcp, udp} from <bgnets> \
to ($ExtIf) port $ve_skype $TcpState queue (b_skype) tag SKYPE rdr-to $ve
# Skype (queue INTER)
pass in log on $ExtIf inet proto {tcp, udp} from !<bgnets> \
to ($ExtIf) port $vl_skype $TcpState tag SKYPE rdr-to $vl
pass in log on $ExtIf inet proto {tcp, udp} from !<bgnets> \
to ($ExtIf) port $jl_skype $TcpState tag SKYPE rdr-to $jl
pass in log on $ExtIf inet proto {tcp, udp} from !<bgnets> \
to ($ExtIf) port $ve_skype $TcpState tag SKYPE rdr-to $ve
# Battle.net
pass in log on $ExtIf inet proto {tcp, udp} from <bgnets> \
to ($ExtIf) port $bnet $TcpState queue (b_ack) rdr-to $vl
# uTorrent (queue INTER)
pass in log on $ExtIf inet proto {tcp, udp} from any \
to ($ExtIf) port $vl_torrent $SynState $TorSTO queue (i_bittor, i_ack) rdr-to $vl
pass in log on $ExtIf inet proto {tcp, udp} from any \
to ($ExtIf) port $jl_torrent $SynState $TorSTO queue (i_bittor, i_ack) rdr-to $jl
pass in log on $ExtIf inet proto {tcp, udp} from any \
to ($ExtIf) port $ve_torrent $SynState $TorSTO queue (i_bittor, i_ack) rdr-to $ve
# uTorrent (queue BG)
pass in log on $ExtIf inet proto {tcp, udp} from <bgnets> \
to ($ExtIf) port $vl_torrent $SynState $TorSTO queue (b_bittor, b_ack) rdr-to $vl
pass in log on $ExtIf inet proto {tcp, udp} from <bgnets> \
to ($ExtIf) port $jl_torrent $SynState $TorSTO queue (b_bittor, b_ack) rdr-to $jl
pass in log on $ExtIf inet proto {tcp, udp} from <bgnets> \
to ($ExtIf) port $ve_torrent $SynState $TorSTO queue (b_bittor, b_ack) rdr-to $ve
# uTorrent (queue ISP)
pass in log on $ExtIf inet proto {tcp, udp} from <isp> \
to ($ExtIf) port $vl_torrent $SynState $TorSTO queue (isp_bulk, isp_ack) rdr-to $vl
pass in log on $ExtIf inet proto {tcp, udp} from <isp> \
to ($ExtIf) port $jl_torrent $SynState $TorSTO queue (isp_bulk, isp_ack) rdr-to $jl
pass in log on $ExtIf inet proto {tcp, udp} from <isp> \
to ($ExtIf) port $ve_torrent $SynState $TorSTO queue (isp_bulk, isp_ack) rdr-to $ve
# HFS
pass in log on $ExtIf inet proto tcp from <bgnets> \
to ($ExtIf) port $vl_hfs $SynState $ApacheSTO queue (b_http) rdr-to $vl
# VsFtp (queue BG)
# pass in log on $ExtIf inet proto tcp from <bgnets> \
# to ($ExtIf) port ftp $SynState queue (b_http, b_ack)
# pass in log on $ExtIf inet proto tcp from <bgnets> \
# to ($ExtIf) port $ftprange $SynState queue (b_http, b_ack)
# VsFtp (queue INTER)
# pass in log on $ExtIf inet proto tcp from !<bgnets> \
# to ($ExtIf) port ftp $SynState queue (i_http, i_ack)
# pass in log on $ExtIf inet proto tcp from !<bgnets> \
# to ($ExtIf) port $ftprange $SynState queue (i_http, i_ack)
# Ping
# pass in log on $ExtIf inet proto icmp from any \
# to ($ExtIf) $UdpState
### End $ExtIf inbound ###########
### $IntIf outbound ###########
# ntp.bsdbg.net
pass out log on $IntIf inet proto udp from any \
to $ntp port ntp $UdpState tagged NTP
# RDC
pass out log on $IntIf inet proto tcp from any \
to $vl port $rdc_int $TcpState tagged RDC
# Battle.Net
pass out log on $IntIf inet proto {tcp, udp} from <bgnets> \
to $vl port $bnet $TcpState
# Skype
pass out log on $IntIf inet proto {tcp, udp} from any \
to $vl port $vl_skype $TcpState tagged SKYPE
pass out log on $IntIf inet proto {tcp, udp} from any \
to $jl port $jl_skype $TcpState tagged SKYPE
pass out log on $IntIf inet proto {tcp, udp} from any \
to $ve port $ve_skype $TcpState tagged SKYPE
# uTorrent
pass out log on $IntIf inet proto {tcp, udp} from any \
to $vl port $vl_torrent $TcpState
pass out log on $IntIf inet proto {tcp, udp} from any \
to $jl port $jl_torrent $TcpState
pass out log on $IntIf inet proto {tcp, udp} from any \
to $ve port $ve_torrent $TcpState
# HFS
pass out log on $IntIf inet proto tcp from <bgnets> \
to $vl port $vl_hfs $TcpState
# Allow self to reach Lan
pass out log on $IntIf inet proto {tcp, udp, icmp} from (self) \
to $IntIf:network $TcpState
# Ping
# pass out log on $IntIf inet proto icmp from any \
# to $IntIf:network $UdpState
### End $IntIf outbound ##########
### $IntIf inbound ###############
# Allow all out
pass in log on $IntIf inet proto {tcp, udp} from $IntIf:network \
to any $TcpState tag BULK
pass in log on $IntIf inet proto icmp from $IntIf:network \
to any $UdpState
# Capcha Torrent traffic
pass in log on $IntIf inet proto {tcp, udp} from $IntIf:network port $urange \
to any $TcpState tag BITTOR
# ntp.bsdbg.net
pass in log on $IntIf inet proto {tcp, udp} from $ntp \
to any $TcpState tag NTP
# Ftp-proxy
pass in log on $IntIf inet proto tcp from $IntIf:network \
to !$IntIf port ftp $TcpState $IntIfSTO rdr-to lo0 port $FtpPort
# Symux
pass in log on $IntIf inet proto {tcp, udp} from $IntIf:network \
to $IntIf port $symux $TcpState $IntIfSTO rdr-to lo0
### End $IntIf inbound ############
### $ExtIf outbound ###############
#################
# TCP #
#################
### Queue bulk (i_bulk $ b_bulk & isp_bulk) ###
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to any $TcpState $ExtIfSTO queue (i_bulk, i_ack) tagged BULK
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <bgnets> $TcpState $ExtIfSTO queue (b_bulk, b_ack) tagged BULK
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <isp> $TcpState $ExtIfSTO queue (isp_bulk, isp_ack) tagged BULK
### Queue default (i_bittor & b_bittor & isp_bulk) ###
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to any $TcpState $ExtIfSTO queue (i_bittor, i_ack) tagged BITTOR
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <bgnets> $TcpState $ExtIfSTO queue (b_bittor, b_ack) tagged BITTOR
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <isp> $TcpState $ExtIfSTO queue (isp_bulk, isp_ack) tagged BITTOR
### Queue ssh (i_ssh)
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to !<bgnets> port ssh $TcpState $ExtIfSTO queue i_ssh
### SELF ###
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to any $TcpState queue i_bulk tagged SELF
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <bgnets> $TcpState queue b_bulk tagged SELF
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <isp> $TcpState queue isp_bulk tagged SELF
### ntp.bsdbg.net ###
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to any $TcpState queue i_ntp tagged NTP
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <bgnets> $TcpState queue b_ntp tagged NTP
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <isp> $TcpState queue isp_bulk tagged NTP
#################
# UDP #
#################
### Queue bulk (i_bulk & b_bulk)
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to any $UdpState $ExtIfSTO queue i_bulk tagged BULK
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <bgnets> $UdpState $ExtIfSTO queue b_bulk tagged BULK
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <isp> $UdpState $ExtIfSTO queue isp_bulk tagged BULK
### Queue torrent (i_bittor & b_bittor)
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to any $UdpState $ExtIfSTO queue i_bittor tagged BITTOR
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <bgnets> $UdpState $ExtIfSTO queue b_bittor tagged BITTOR
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <isp> $UdpState $ExtIfSTO queue isp_bulk tagged BITTOR
### Queue dns (i_dns & b_dns)
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to any port domain $UdpState queue i_dns
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <bgnets> port domain $UdpState queue b_dns
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <isp> port domain $UdpState queue isp_bulk
### Queue ntp (i_ntp & b_ntp)
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to any $UdpState queue i_ntp tagged NTP
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <bgnets> $UdpState queue b_ntp tagged NTP
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <isp> $UdpState queue isp_bulk tagged NTP
### Battle.net ###
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <bgnets> port $bnet $UdpState queue b_ack
### Ping ###
pass out log (all) on $ExtIf inet proto icmp from ($ExtIf) \
to any $UdpState queue i_dns
pass out log (all) on $ExtIf inet proto icmp from ($ExtIf) \
to <bgnets> $UdpState queue b_dns
pass out log (all) on $ExtIf inet proto icmp from ($ExtIf) \
to <isp> $UdpState queue isp_ack
### SELF ###
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to any $UdpState queue i_bulk tagged SELF
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <bgnets> $UdpState queue b_bulk tagged SELF
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <isp> $UdpState queue isp_bulk tagged SELF
pass out log on $ExtIf inet proto icmp from ($ExtIf) \
to any $UdpState tagged SELF
### End $ExtIf outbound ###########
################################ END ##############################
My dmesg
##############
DMESG
##############
OpenBSD 4.7-stable (NS) #1: Wed Aug 18 21:28:32 EEST 2010
[email protected]:/usr/src/sys/arch/amd64/compile/NS
real mem = 1054801920 (1005MB)
avail mem = 1015279616 (968MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0000 (70 entries)
bios0: vendor Phoenix Technologies, LTD version "ASUS M2NPV-VM ACPI BIOS Revision 1301" date 02/05/2008
bios0: ASUSTek Computer INC. M2NPV-VM
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP MCFG APIC
acpi0: wakeup devices HUB0(S5) XVRA(S5) XVRB(S5) XVRC(S5) UAR1(S5) UAR2(S5) PS2M(S4) PS2K(S4) USB0(S4) USB2(S4) AZAD(S5) MMAC(S5) MMCI(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Sempron(tm) Processor 3200+, 1804.00 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 128KB 64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 200MHz
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (HUB0)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 75 degC
acpibtn0 at acpi0: PWRB
aibs0 at acpi0
aibs0: FSIF: misformed package: 3/5, assume 5
pci0 at mainbus0 bus 0
"NVIDIA C51 Host" rev 0xa2 at pci0 dev 0 function 0 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 1 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 2 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 3 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 4 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 5 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 6 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 7 not configured
vga1 at pci0 dev 5 function 0 "NVIDIA GeForce 6150" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"NVIDIA MCP51 Host" rev 0xa2 at pci0 dev 9 function 0 not configured
pcib0 at pci0 dev 10 function 0 "NVIDIA MCP51 ISA" rev 0xa3
nviic0 at pci0 dev 10 function 1 "NVIDIA MCP51 SMBus" rev 0xa3
iic0 at nviic0
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x51: 512MB DDR2 SDRAM non-parity PC2-5300CL5
iic1 at nviic0
"NVIDIA MCP51 Memory" rev 0xa3 at pci0 dev 10 function 2 not configured
pciide0 at pci0 dev 13 function 0 "NVIDIA MCP51 IDE" rev 0xa1: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD800JB-00JJC0>
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
ppb0 at pci0 dev 16 function 0 "NVIDIA MCP51 PCI-PCI" rev 0xa2
pci1 at ppb0 bus 1
em0 at pci1 dev 8 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: apic 2 int 16 (irq 10), address 00:07:e9:10:32:a8
em1 at pci1 dev 9 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: apic 2 int 17 (irq 11), address 00:07:e9:10:2a:20
pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00
kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00: core rev DH-F2
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
it0 at isa0 port 0x2e/2: IT8716F rev 1, EC port 0x290
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
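
Added example, not part of the original post: a small parser for the pflog0 tcpdump output shown earlier that tallies ICMP packets by action, direction, interface and rule, and lists ICMP error messages dropped by a block rule. The sample lines are copied from the capture in the post (one entry per line); the function and constant names are hypothetical.

```python
import re
from collections import Counter

# "tcpdump -e" on pflog0 prints, per packet:
#   rule N/(reason) action dir on ifname: src > dst: icmp: message [opts]
PFLOG_ICMP = re.compile(
    r"rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>[^:\s]+): "
    r"(?P<src>\S+) > (?P<dst>[^:\s]+): icmp: (?P<msg>.*?)(?:\s+\[.*\])?$"
)

# Substrings tcpdump uses for ICMP error messages (as opposed to echo/reply).
ICMP_ERRORS = ("time exceeded", "unreachable", "parameter problem", "source quench")

# Lines taken from the capture in the post.
SAMPLE = """\
Aug 19 02:29:32.165656 rule 85/(match) pass in on em1: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168104 rule 120/(match) pass out on em0: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168117 rule 17/(match) match out on em0: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168593 rule 120/(match) pass in on em0: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:33.168613 rule 14/(match) block out on em1: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:56.960795 rule 120/(match) pass in on em0: 85.91.141.65 > 192.168.1.2: icmp: time exceeded in-transit
Aug 19 02:30:08.960640 rule 120/(match) pass in on em0: 195.149.248.130 > 192.168.1.2: icmp: echo reply
"""


def parse(lines):
    """Turn pflog tcpdump lines into dicts; lines that are not ICMP are skipped."""
    events = []
    for line in lines:
        m = PFLOG_ICMP.search(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["rule"] = int(ev["rule"])
        ev["is_error"] = any(k in ev["msg"] for k in ICMP_ERRORS)
        events.append(ev)
    return events


def tally(events):
    """Count packets per (action, direction, interface, rule, ICMP message)."""
    return Counter(
        (e["action"], e["dir"], e["ifname"], e["rule"], e["msg"]) for e in events
    )


def blocked_errors(events):
    """ICMP error messages dropped by a block rule, keyed by (rule, dir, ifname)."""
    hits = {}
    for e in events:
        if e["action"] == "block" and e["is_error"]:
            key = (e["rule"], e["dir"], e["ifname"])
            hits.setdefault(key, []).append((e["src"], e["dst"], e["msg"]))
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE.splitlines())
    for key, count in sorted(tally(evs).items()):
        print(count, *key)
    for (rule, direction, ifname), pkts in blocked_errors(evs).items():
        print(f"rule {rule} blocks ICMP errors {direction} on {ifname}: {pkts}")
```

The rule numbers it reports are the ones `pfctl -vvsr` prints as `@N` in front of each loaded rule.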