Re: ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT

2005-06-13 Thread Vladimir Botka

Hello,
if your Vonage linksys RT31P2 talks H323 try /usr/ports/net/gatekeeper 
in proxy mode.


Cheers,
Vladimir Botka

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]






Re: ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT

2005-06-13 Thread Louis Mamakos
The Vonage RT31P2 does not talk H.323, and it's not necessary to do
anything other than plain vanilla NAT to have it work through a
firewall.  That is, no port forwarding, no SIP payload re-writing, etc.
Just plain vanilla NAT for both the SIP signaling and the RTP payload
will be all that's necessary.


I use ipfw with my Vonage service, but there's nothing special that I do 
for NAT.  I don't do ipf..


Louis Mamakos


Vladimir Botka wrote:

> Hello,
> if your Vonage linksys RT31P2 talks H323 try /usr/ports/net/gatekeeper
> in proxy mode.
>
> Cheers,
> Vladimir Botka


ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT

2005-06-12 Thread Damon Hopkins

I can reproduce this very easily.. I pick up my phone and make a call
Current Setup
Cable Modem---FreeBSD 5.4 Stable---HUB--Machines
 \--Vonage Linksys RT31P2

I've tried various nat rules and ipf filter settings.. here are the
current mappings and setup.. the kernel is GENERIC w/ the debugging
stuff put in it.
 IPNAT RULES 
map vr0 10.69.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map vr0 10.69.0.0/24 -> 0/32

- IPF RULES -
pass in quick on lo0 proto tcp from any to any flags S keep state
pass in quick on lo0 proto udp from any to any keep state
pass in quick on lo0 proto icmp from any to any keep state
pass in quick on lo0 all keep state
pass out quick on lo0 proto tcp from any to any flags S keep state
pass out quick on lo0 proto udp from any to any keep state
pass out quick on lo0 proto icmp from any to any keep state
pass out quick on lo0 all keep state

pass in quick on rl0 proto tcp from any to any flags S keep state
pass in log first quick on rl0 proto udp from any to any keep state
pass in log first quick on rl0 proto icmp from any to any keep state keep frags
pass in quick on rl0 all keep state
pass out quick on rl0 proto tcp from any to any flags S keep state
pass out log first quick on rl0 proto udp from any to any keep state
pass out log first quick on rl0 proto icmp from any to any keep state keep frags
pass out quick on rl0 all keep state

pass in quick on vr0 proto tcp from any to any flags S keep state keep frags
pass in quick on vr0 proto udp from any to any keep state keep frags
pass in log first quick on vr0 proto icmp from any to any keep state keep frags
pass in quick on vr0 all keep state keep frags
pass out quick on vr0 proto tcp from any to any flags S keep state keep frags
pass out quick on vr0 proto udp from any to any keep state keep frags
pass out log first quick on vr0 proto icmp from any to any keep state keep frags
pass out quick on vr0 all keep state keep frags

pass in quick on ng0 proto tcp from any to any flags S keep state
pass in quick on ng0 proto udp from any to any keep state
pass in log first quick on ng0 proto icmp from any to any keep state
pass in quick on ng0 all keep state
pass out quick on ng0 proto tcp from any to any flags S keep state
pass out quick on ng0 proto udp from any to any keep state
pass out log first quick on ng0 proto icmp from any to any keep state
pass out quick on ng0 all keep state

SNIP MORE ng rules from my other VPNS /SNIP
I've also just tried to pass everything
pass in quick on vr0 all
pass out quick on vr0 all

but that didn't help any

I've noticed a lot of UDP traffic from the linksys adapter during a
phone call..


Thanks Guys.. I hope this gets fixed real fast cause my old number goes
away in a few days and this is not going to be fun.. I can't put the
linksys adapter in front of the firewall because it doesn't route my
VPN's.. we use MPD and bgpd (zebra)



Later,
Damon Hopkins

- DEBUG OUTPUT --
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0651550
stack pointer           = 0x10:0xd3d46aec
frame pointer           = 0x10:0xd3d46af8
code segment            = base 0x0, limit 0xfm type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 27 (swi1:net)
[thread pid 27 tid 100021 ]
Stopped at      m_copydata+0x28:        movl    0xc(%esi),%eax
db> examine
m_copydata+0x28:        290c468b
db> trace
Tracing pid 27 tid 100021 td 0xc15a4180
mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28
ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1
ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f
fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c
fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a
pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb
ip_input(c17fa400) at ip_input+0x211
netisr_processqueue(c08f9858) at netisr_processqueue+0x9f
swi_net(0) at swi_net+0xee
ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151
fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xd3d46d6c, ebp = 0 ---
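
Added example, not part of the original post and not FreeBSD or IPFilter source: the trap above stops in m_copydata on `movl 0xc(%esi),%eax` with fault address 0xc, which is what a read of a field at offset 0xc through a NULL pointer looks like. The user-space sketch below assumes an i386-style buffer header with the length field at offset 0xc (all struct and function names here are hypothetical) and shows a chain copy that reports a short chain instead of walking past its end.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed i386-style buffer header, 32-bit pointers modelled as uint32_t
 * (hypothetical model, only to show which field sits at offset 0xc). */
struct hdr32 { uint32_t next, nextpkt, data; int32_t len; };

/* Address a read of the length field faults at when the pointer is NULL. */
size_t null_len_fault_addr(void) { return offsetof(struct hdr32, len); }

/* User-space stand-in for a buffer chain (constructed for this example). */
struct buf { struct buf *next; const unsigned char *data; int len; };

/* Copy len bytes at offset off out of the chain. Returns 0 on success and
 * -1 when the chain holds fewer than off+len bytes; an unchecked walk would
 * read b->len through a NULL b at that point. */
int chain_copy_checked(const struct buf *b, int off, int len, unsigned char *out)
{
    if (off < 0 || len < 0)
        return -1;
    while (b != NULL && off >= b->len) {  /* skip buffers that end before off */
        off -= b->len;
        b = b->next;
    }
    while (len > 0) {
        if (b == NULL)
            return -1;                    /* chain shorter than requested */
        int n = b->len - off < len ? b->len - off : len;
        memcpy(out, b->data + off, (size_t)n);
        out += n;
        len -= n;
        off = 0;
        b = b->next;
    }
    return 0;
}

/* Constructed case: 28 bytes in the chain, 0x38 requested (the length
 * argument visible in the trace). */
int demo_short_chain(void)
{
    static const unsigned char a[20] = {0}, c[8] = {0};
    struct buf second = { NULL, c, 8 }, first = { &second, a, 20 };
    unsigned char out[0x38];
    return chain_copy_checked(&first, 0, 0x38, out);
}

int main(void) { return demo_short_chain() == -1 ? 0 : 1; }
```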



Re: ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT

2005-06-12 Thread Tilman Linneweh

Hi Damon,

On 12.06.2005 at 23:02, Damon Hopkins wrote:

> Tracing pid 27 tid 100021 td 0xc15a4180
> mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28
> ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1
> ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f
> fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c
> fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a
> pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb
> ip_input(c17fa400) at ip_input+0x211
> netisr_processqueue(c08f9858) at netisr_processqueue+0x9f
> swi_net(0) at swi_net+0xee
> ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151
> fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74
> fork_trampoline() at fork_trampoline+0x8


Yes, I have the same problem, see PR: 81324.

ipfilter on 5.x seems to be quite unstable, I have switched to PF :-(

regards
tilman

