Hi Folks,
I am experiencing very strange problems with pf (OpenBSD-current).
I wanted to set up an OpenBSD firewall -- Linux/snort IDS combo
using the dup-to feature to feed the IDS with the relevant parts
of the traffic.
Here comes some ASCII-Art:

      192.168.1.2                        192.168.1.1
   +---------------+                   +-------------+
   |  OpenBSD 3.2  |fxp2   (X-Cable)   |  Linux 2.4  |
   |               +-------------------+   (snort)   |
   +-+-------+-----+                   +-------+-----+
 fxp0|    fxp1|                                |
     |        |                                |
     |        |                                |
 INTERNET    LAN                              LAN
[quote from /etc/pf.conf]
pass in quick on fxp0 dup-to (fxp2 192.168.1.1) inet \
from any to any flags S/SA modulate state
pass out quick on fxp0 dup-to (fxp2 192.168.1.1) inet \
from any to any flags S/SA modulate state
pass in quick on fxp1 dup-to (fxp2 192.168.1.1) inet \
from any to any flags S/SA modulate state
pass out quick on fxp1 dup-to (fxp2 192.168.1.1) inet \
from any to any flags S/SA modulate state
[quote off]
If I use this ruleset it takes a long time for a TCP session
to be established.
Pinging the same host behaves normally with or without "dup-to"
enabled.
[quote wget - dup-to disabled]
frodo:/home/tiffy# time wget www.heise.de
--13:23:28-- http://www.heise.de/
=> `index.html'
Resolving www.heise.de... done.
Connecting to www.heise.de[193.99.144.71]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
13:23:28 (768.46 KB/s) - `index.html' saved [24394]
real 0m0.062s
user 0m0.000s
sys 0m0.000s
[quote off]
[quote wget - dup-to enabled]
frodo:/home/tiffy# time wget www.heise.de
--13:23:50-- http://www.heise.de/
=> `index.html.1'
Resolving www.heise.de... done.
Connecting to www.heise.de[193.99.144.71]:80... [HANGS HERE] connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
13:23:53 (722.54 KB/s) - `index.html.1' saved [24416]
real 0m3.062s
user 0m0.000s
sys 0m0.000s
[quote off]
Any Ideas? I don't have any :-(
thanks, and a nice week.
Richard
--
Richard Mueller mailto:mueller@;teamix.net Fon: +49 9171 896287
Teamix GmbH http://www.teamix.de Fax: +49 9171 896286
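One property of the quoted ruleset that is easy to overlook: with dup-to on both the "in" and the "out" rule of both fxp0 and fxp1, a packet forwarded from fxp0 to fxp1 (or back) is matched by the "pass in" rule on the ingress interface and again by the "pass out" rule on the egress interface, so the snort box receives every forwarded packet twice. The script below is an added example, not code from the poster or from pf; it parses a constructed copy of the quoted rules (hypothetical names `parse_dup_to` and `double_mirror_paths`) and reports which ingress/egress pairs mirror the same packet to the same dup-to target twice.

```python
import re

# Constructed copy of the ruleset quoted in the post (raw string keeps the
# backslash line continuations exactly as they appear in pf.conf).
PF_CONF = r"""
pass in quick on fxp0 dup-to (fxp2 192.168.1.1) inet \
from any to any flags S/SA modulate state
pass out quick on fxp0 dup-to (fxp2 192.168.1.1) inet \
from any to any flags S/SA modulate state
pass in quick on fxp1 dup-to (fxp2 192.168.1.1) inet \
from any to any flags S/SA modulate state
pass out quick on fxp1 dup-to (fxp2 192.168.1.1) inet \
from any to any flags S/SA modulate state
"""

# Matches the subset of pf rule syntax used above: action, direction,
# "on <iface>" and a "dup-to (<iface> <ip>)" option.
RULE_RE = re.compile(
    r"^\s*(?P<action>pass|block)\s+(?P<dir>in|out)\b.*?\bon\s+(?P<iface>\S+)"
    r".*?\bdup-to\s+\(\s*(?P<dup_if>\S+)\s+(?P<dup_ip>[\d.]+)\s*\)"
)

def join_continuations(text):
    """Join pf.conf backslash-newline continuations into one logical line each."""
    return re.sub(r"\\\n\s*", " ", text)

def parse_dup_to(text):
    """Return [(direction, interface, (dup_iface, dup_ip))] for every dup-to rule."""
    rules = []
    for line in join_continuations(text).splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((m["dir"], m["iface"], (m["dup_if"], m["dup_ip"])))
    return rules

def double_mirror_paths(rules):
    """Forwarded traffic enters on one interface and leaves on another.
    If the 'in' rule on the ingress interface and the 'out' rule on the
    egress interface both dup-to the same target, that target sees each
    forwarded packet twice. Return the (ingress, egress, target) triples."""
    ins = {(iface, tgt) for d, iface, tgt in rules if d == "in"}
    outs = {(iface, tgt) for d, iface, tgt in rules if d == "out"}
    paths = []
    for in_if, tgt in sorted(ins):
        for out_if, tgt2 in sorted(outs):
            # Skip same-interface pairs and the mirror interface itself.
            if tgt == tgt2 and in_if != out_if and tgt[0] not in (in_if, out_if):
                paths.append((in_if, out_if, tgt))
    return paths

if __name__ == "__main__":
    for in_if, out_if, (dup_if, dup_ip) in double_mirror_paths(parse_dup_to(PF_CONF)):
        print(f"{in_if} -> {out_if}: mirrored twice to {dup_ip} via {dup_if}")
```

Whether the duplicate copies are related to the three-second connect delay is not something this check can tell you; it only shows what the IDS will receive for traffic crossing the firewall.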