Re: Arpresolve route without link local address

2013-01-24 Thread Атанас Владимиров
Hi,
I added those two lines after block lines in my pf.conf:


 pass quick from (self) to 94.26.7.0/24 set queue b_ack
 pass quick from 94.26.7.0/24 to (self) set queue b_ack


 I'm still getting the same error. Also I found that the permanent static MAC
disappears when dhclient receives a lease from my ISP DHCP server. In fact
every static MAC that I set is gone after dhclient receives a lease. Is that normal?

[ns]~$ cat /etc/ether.mac
XX.XX.XX.33 00:50:45:5f:16:58 permanent
192.168.1.2 6c:f0:49:00:7f:9b permanent

[ns]~$ sudo arp -da && sudo arp -Ff /etc/ether.mac

[ns]~$ arp -na
? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 permanent static
? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41 permanent static

After 5 min, when dhclient receives a lease:

[ns]~$ arp -na
? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0
? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41

Vlan41 is on top of em1. Should I report this behavior as a bug?

dmesg:
OpenBSD 5.2-current (GENERIC) #19: Mon Jan 21 17:55:18 MST 2013
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
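The check below is an added example, not code from the thread: it compares an arp -f style file (IP, MAC, permanent) against arp -na output and reports entries that vanished, lost their "permanent" flag (the behaviour seen after the dhclient renewal above), or now resolve to a different MAC, which is the case a defender watching for ARP spoofing cares about. The function name check_static_arp and the sample inputs are assumptions constructed from the outputs shown in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Compares an arp(8) -f style file
# (IP MAC permanent) with arp -na output and reports entries that vanished,
# changed MAC, or lost their "permanent" flag, as seen after a dhclient renewal.
# Assumes OpenBSD's "host (IP) at MAC on IF [permanent static]" output format.

# Constructed sample matching the poster's /etc/ether.mac.
ETHER_MAC='XX.XX.XX.33 00:50:45:5f:16:58 permanent
192.168.1.2 6c:f0:49:00:7f:9b permanent'

# Constructed arp -na output right after loading the file ...
ARP_BEFORE='? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 permanent static
? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41 permanent static'

# ... and after the lease renewal, when the flags were gone.
ARP_AFTER='? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0
? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41'

# check_static_arp FILE_CONTENT ARP_OUTPUT
# Prints one line per finding ("IP: missing", "IP: mac-changed OLD -> NEW",
# "IP: not-permanent"); prints nothing when every entry is intact.
check_static_arp() {
    printf '%s\n' "$1" | while read -r ip mac flag; do
        [ -z "$ip" ] && continue
        # Match the parenthesised address so 10.0.0.1 does not match 10.0.0.10.
        entry=$(printf '%s\n' "$2" | grep -F "($ip) " || true)
        if [ -z "$entry" ]; then
            printf '%s: missing\n' "$ip"
            continue
        fi
        # Field 4 is the MAC in "host (IP) at MAC on IF ..." lines.
        cur=$(printf '%s\n' "$entry" | awk '{ print $4 }')
        if [ "$cur" != "$mac" ]; then
            printf '%s: mac-changed %s -> %s\n' "$ip" "$mac" "$cur"
            continue
        fi
        case " $entry " in
            *" permanent "*) ;;
            *) printf '%s: not-permanent\n' "$ip" ;;
        esac
    done
}

# Demo on the constructed data; on a live box use:
#   check_static_arp "$(cat /etc/ether.mac)" "$(arp -na)"
check_static_arp "$ETHER_MAC" "$ARP_AFTER"
```

Run it from cron or a dhclient hook after each renewal and alert on any output; an empty result means every static entry is still present, unchanged and permanent.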



Re: Arpresolve route without link local address

2013-01-16 Thread mxb
Take a step back and even disable PF or put pass keep state (e.g. simple
rules) and see if you can reproduce this problem.

//mxb

On 14 jan 2013, at 21:38, Атанас Владимиров don.na...@gmail.com wrote:

Re: Arpresolve route without link local address

2013-01-14 Thread Атанас Владимиров
Hi,
Today I upgraded to the 11.01.2013 snapshot and I'm still getting the same error.
I have a permanent static entry for my default route.

[ns]~$ sudo /usr/sbin/arp -Ff /etc/ether.mac

[ns]~$ cat /etc/ether.mac
XX.XX.XX.33 00:50:45:5f:16:58 permanent

[ns]~$ arp -a
gw.xx.xx (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 permanent static

After a while:
[ns]~$ arp -a
gw.xx.xx (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0

The permanent static ARP entry disappears.

/var/log/messages:
Jan 14 20:46:47 ns /bsd: arpresolve: XX.XX.7.33: route without link local address
Jan 14 20:51:47 ns last message repeated 42 times

/var/log/daemon:
Jan 14 20:46:47 ns dhclient[2970]: DHCPREQUEST on em0 to XX.XX.7.1 port 67
Jan 14 20:46:47 ns dhclient[2970]: DHCPACK from XX.XX.7.33 (00:50:45:5f:16:58)
Jan 14 20:46:47 ns dhclient[2970]: bound to XX.XX.7.48 -- renewal in 300 seconds.

Here is my pf.conf:

[ns]~$ sudo cat /etc/pf.conf


### Macros ###

### Interfaces ###
ExtIf = em0
IntIf = vlan41
Free  = vlan81
pppx  = 192.168.3.0/25
lo0   = 127.0.0.1

### Hosts ###
vl    = 192.168.1.2
jl    = 192.168.1.3
ve    = 192.168.1.4
ntp   = 192.168.1.5
sam   = 192.168.1.14
dpc11 = 192.168.1.11

### Ports ###
low_ports = 0:1024
hi_ports  = 1025:65535
web   = {20, 21, 22, 25, 80, 443, 3389, 5900, 6000, , 8080}
ssh_extif = 
rdc   = 3389
rdc_extif = 4900
squid = 8080
squid_extif = 443
vl_skype  = 30001
jl_skype  = 30002
ve_skype  = 30003
vl_torrent= 30004
jl_torrent= 30005
ve_torrent= 30006
vl_hfs    = 8081
ftp_proxy = 8021
symux = 2100
ftp   = 21
vnc_ext   = 59001
vnc_int   = 5900
sftp  = 2
l2tp  = { 500, 1701, 4500 }
trace = 33434:33498

### Queues, States and Types ###
IcmpType = icmp-type 8 code 0
SynState = flags S/SAFR synproxy state

### Tables ###
table <bgnets> file "/etc/bgnets"
table <spamd-white> persist
table <proxy-users> persist { 188.254.185.154, 212.50.72.29, 85.217.136.0/21, \
    95.111.100.14, 212.233.176.65, 78.128.124.161, 190.32.172.28 }
## panama
table <isp> persist { 94.26.7.32/27 }
table <BLOCK> persist { 82.119.88.70 }

### Options ###

### Misc Options
set block-policy drop
set loginterface $ExtIf
set skip on lo0
set optimization aggressive
# set state-defaults pflow

### Queueing ###

altq on $ExtIf bandwidth 100% hfsc queue { BG, INTER }
queue INTER bandwidth 3% hfsc (upperlimit 2950Kb) \
    { i_ack, i_dns, i_ntp, i_web, i_bulk, i_bittor }
    queue i_ack    bandwidth 30% priority 8 qlimit 500  hfsc (realtime 30%)
    queue i_dns    bandwidth  5% priority 7 qlimit 500  hfsc (realtime 10%)
    queue i_ntp    bandwidth 10% priority 6 qlimit 500  hfsc (realtime 10%)
    queue i_web    bandwidth 30% priority 5 qlimit 500  hfsc (realtime 20%)
    queue i_bulk   bandwidth 19% priority 2 qlimit 500  hfsc (realtime 15%)
    queue i_bittor bandwidth  1% priority 0 qlimit 2000 hfsc (default, upperlimit 60%)

queue BG bandwidth 30% hfsc (upperlimit 30Mb) \
    { b_ack, b_dns, b_ntp, b_rdc, b_web, b_bulk, b_bittor }
    queue b_ack    bandwidth 10% priority 8 qlimit 500 hfsc (realtime 10%)
    queue b_dns    bandwidth  1% priority 7 qlimit 500 hfsc (realtime 1%)
    queue b_ntp    bandwidth 10% priority 7 qlimit 500 hfsc (realtime 1%)
    queue b_rdc    bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%)
    queue b_web    bandwidth 30% priority 5 qlimit 500 hfsc (realtime 30%)
    queue b_bulk   bandwidth 30% priority 4 qlimit 500 hfsc (realtime 10%)
    queue b_bittor bandwidth  1% priority 0 qlimit 500 hfsc (upperlimit 85%)

### Translation and Filtering ###

### BLOCK all in/out on all interfaces by default and log
block log on $ExtIf
block return log on $IntIf
block return log on $Free
block quick log on $ExtIf from <BLOCK>

### Network Address Translation (NAT with outgoing source port randomization)
match out log on egress from (self) \
    to any nat-to ($ExtIf:0) port 1024:65535
match out log on egress from !($ExtIf:0) \
    to any nat-to ($ExtIf:0) port 1024:65535

### NAT from IntIf to FreeWifi
match out log on $Free from $IntIf:network \
    to $Free:network nat-to ($Free:0) port 1024:65535

### Packet normalization ( scrubbing )
match log on $ExtIf all scrub (random-id max-mss 1472)

### Ftp ( secure ftp proxy for LAN )
anchor "ftp-proxy/*"

### pppx
pass log from $pppx

### $ExtIf inbound

# npppd
pass in log on $ExtIf proto {tcp, udp} from <bgnets> \
    to ($ExtIf) port $l2tp queue b_dns

# Named ( bind dns )
pass in log on $ExtIf inet proto udp from any \
    to ($ExtIf) port domain queue i_dns
pass in log on $ExtIf inet proto udp from <bgnets> \
    to ($ExtIf) port domain queue b_dns

# OpenSSH