Re: pf altq blocking ssh

2005-10-17 Thread Henning Brauer
* Dimitry Andric [EMAIL PROTECTED] [2005-10-10 20:51]:
> Reyk Floeter wrote:
> > altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }
> > use a different name instead of all, like std. all is a reserved
> > keyword.
>
> Hmm, wouldn't it be nice to generate some warnings on 'misuse' of
> keywords such as this?

that's not how parsers work.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



pf altq blocking ssh

2005-10-10 Thread John Kintaro Tate
There is something wrong with my rules file, and I can't find the problem.

pf.conf...
#   $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

localaddr = {192.168.0.4 127.0.0.1}
localhosts = 192.168.0.0/24
allowedusers = {x11, root, named, _portmap, www}
if = xl0

altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }

queue all bandwidth 32Kb proirity 1
queue local bandwidth 100Mb proirity 10
queue http bandwidth 60Kb priority 5
queue ssh bandwidth 25Kb priority 7 cbq(borrow)
queue rsets bandwidth 7500b priority 0 cbq(red)

pass in  on $if inet proto tcp from any to any port 22 keep state queue ssh
pass out on $if inet proto tcp from any to any port 443 keep state queue http
pass in  on $if inet proto tcp from any to any port 443 keep state queue http
pass out on $if inet proto tcp from any to any keep state queue local
pass in  on $if inet proto tcp from any to any keep state queue local
pass in  on $if inet proto tcp from any to any keep state queue all
pass in  on $if inet proto tcp from any to any keep state queue all

table <localnet> const { 192.168.1/24 }
table <banned> persist file /etc/banned

block drop in on $if from <banned> to $localaddr
block drop out on $if from $localaddr to <banned>

block drop out on $if from $localaddr to <localnet>
pass out on $if from $localaddr to <localnet> user $allowedusers keep state
pass in on $if from $localaddr to <localnet> keep state

---

pfctl output...
-bash-3.00# pfctl -f /etc/pf.conf
/etc/pf.conf:12: syntax error
/etc/pf.conf:14: syntax error
/etc/pf.conf:15: queue local has no parent
/etc/pf.conf:15: errors in queue definition
/etc/pf.conf:16: queue http has no parent
/etc/pf.conf:16: errors in queue definition
/etc/pf.conf:17: queue ssh has no parent
/etc/pf.conf:17: errors in queue definition
/etc/pf.conf:18: queue rsets has no parent
/etc/pf.conf:18: errors in queue definition
/etc/pf.conf:25: syntax error
/etc/pf.conf:26: syntax error
pfctl: Syntax error in config file: pf rules not loaded

---

--
John Kintaro Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)

Free OpenBSD shell accounts for all with no gimmicks. Just send your
desired username and password to me, and I will create it.

Personal Website: http://kintaro.noobify.com

Illhostit Webhosting:
https://secure.illhostit.com/cgi-bin/affiliates/clickthru.cgi?id=Kintarocampaign=Email



Re: pf altq blocking ssh

2005-10-10 Thread Karl-Heinz Wild

On 10.10.2005, at 16:35, John Kintaro Tate wrote:

> altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }

try other names. one of them seems to be a keyword?!
{ xall, xlocal, xhttp, xssh, xrsets }

Karl-Heinz



Re: pf altq blocking ssh

2005-10-10 Thread Reyk Floeter
On Tue, Oct 11, 2005 at 12:35:10AM +1000, John Kintaro Tate wrote:
> altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }
>

use a different name instead of all, like std. all is a reserved
keyword.

> queue all bandwidth 32Kb proirity 1
> queue local bandwidth 100Mb proirity 10
> queue http bandwidth 60Kb priority 5
> queue ssh bandwidth 25Kb priority 7 cbq(borrow)
> queue rsets bandwidth 7500b priority 0 cbq(red)
>

what exactly is proirity? it should be priority.

you have some other errors in your queue definition, use pfctl -nvf
pf.conf to parse and verify the file without loading it.

> pass in  on $if inet proto tcp from any to any keep state queue all
> pass in  on $if inet proto tcp from any to any keep state queue all
>

and change queue all to queue std.

i didn't verify the rest of your configuration. read pf.conf(5), have
a look at the examples in /usr/share/pf/ and try again ;-).

reyk
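The fixes above, collected into one corrected altq section. This is an example written for this thread, not the poster's final file and not one of the OpenBSD sample rulesets; the bandwidth figures are the poster's, except that `local` is reduced so the child queues fit under the 100Mb parent, and the macro and table values are quoted in the pf.conf(5) style rather than exactly as the poster wrote them:

```conf
# Corrected altq section for the posted pf.conf (added example, not the
# poster's own file). Assumes xl0 is the only interface carrying the queues.
if = "xl0"
localaddr = "{ 192.168.0.4, 127.0.0.1 }"
allowedusers = "{ x11, root, named, _portmap, www }"

# "all" is a pf keyword (as in "pass all"), so the parser rejects it as a
# queue name and reports only "syntax error". "std" is the usual name for the
# catch-all queue.
altq on $if cbq bandwidth 100Mb queue { std, local, http, ssh, rsets }

# Changes relative to the posted queue definitions:
#  - "proirity" -> "priority" (the second syntax error on those lines)
#  - cbq needs one queue marked default, or pfctl refuses the ruleset
#  - cbq priorities run 0 to 7, so "priority 10" is out of range
#  - the children's bandwidth may not add up to more than the parent's
#    100Mb, so "local" is reduced from 100Mb to 90Mb
queue std   bandwidth 32Kb  priority 1 cbq(default)
queue local bandwidth 90Mb  priority 7
queue http  bandwidth 60Kb  priority 5
queue ssh   bandwidth 25Kb  priority 7 cbq(borrow)
queue rsets bandwidth 7500b priority 0 cbq(red)

# Rules that referred to "queue all" now refer to "queue std"; the duplicate
# catch-all rule is dropped.
pass in  on $if inet proto tcp from any to any port 22  keep state queue ssh
pass out on $if inet proto tcp from any to any port 443 keep state queue http
pass in  on $if inet proto tcp from any to any port 443 keep state queue http
pass out on $if inet proto tcp from any to any keep state queue local
pass in  on $if inet proto tcp from any to any keep state queue local
pass in  on $if inet proto tcp from any to any keep state queue std

# Table names take angle brackets both where they are defined and where
# they are used.
table <localnet> const { 192.168.1/24 }
table <banned> persist file "/etc/banned"

block drop in  on $if from <banned> to $localaddr
block drop out on $if from $localaddr to <banned>

block drop out on $if from $localaddr to <localnet>
pass out on $if from $localaddr to <localnet> user $allowedusers keep state
pass in  on $if from $localaddr to <localnet> keep state
```

Check the file with `pfctl -nvf /etc/pf.conf` as suggested above: `-n` parses without touching the running ruleset and `-v` prints the rules and queues as pfctl understood them, so a queue that ended up with the wrong parent or default flag is visible before anything goes live. Only once that run reports no errors, load it with `pfctl -f /etc/pf.conf`.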



Re: pf altq blocking ssh

2005-10-10 Thread John Kintaro Tate
thanks everyone, problems fixed.

I love you guys.
On 10/11/05, John Kintaro Tate [EMAIL PROTECTED] wrote:
> There is something wrong with my rules file, and I can't find the problem.
>
> pf.conf...
> #   $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
> #
> # See pf.conf(5) and /usr/share/pf for syntax and examples.
> # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
>
> localaddr = {192.168.0.4 127.0.0.1}
> localhosts = 192.168.0.0/24
> allowedusers = {x11, root, named, _portmap, www}
> if = xl0
>
> altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }
>
> queue all bandwidth 32Kb proirity 1
> queue local bandwidth 100Mb proirity 10
> queue http bandwidth 60Kb priority 5
> queue ssh bandwidth 25Kb priority 7 cbq(borrow)
> queue rsets bandwidth 7500b priority 0 cbq(red)
>
> pass in  on $if inet proto tcp from any to any port 22 keep state queue ssh
> pass out on $if inet proto tcp from any to any port 443 keep state queue http
> pass in  on $if inet proto tcp from any to any port 443 keep state queue http
> pass out on $if inet proto tcp from any to any keep state queue local
> pass in  on $if inet proto tcp from any to any keep state queue local
> pass in  on $if inet proto tcp from any to any keep state queue all
> pass in  on $if inet proto tcp from any to any keep state queue all
>
> table <localnet> const { 192.168.1/24 }
> table <banned> persist file /etc/banned
>
> block drop in on $if from <banned> to $localaddr
> block drop out on $if from $localaddr to <banned>
>
> block drop out on $if from $localaddr to <localnet>
> pass out on $if from $localaddr to <localnet> user $allowedusers keep state
> pass in on $if from $localaddr to <localnet> keep state
>
> ---
>
> pfctl output...
> -bash-3.00# pfctl -f /etc/pf.conf
> /etc/pf.conf:12: syntax error
> /etc/pf.conf:14: syntax error
> /etc/pf.conf:15: queue local has no parent
> /etc/pf.conf:15: errors in queue definition
> /etc/pf.conf:16: queue http has no parent
> /etc/pf.conf:16: errors in queue definition
> /etc/pf.conf:17: queue ssh has no parent
> /etc/pf.conf:17: errors in queue definition
> /etc/pf.conf:18: queue rsets has no parent
> /etc/pf.conf:18: errors in queue definition
> /etc/pf.conf:25: syntax error
> /etc/pf.conf:26: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
>
> ---
>
> --
> John Kintaro Tate
> Mobile: 0413 348 815 (Yep, old number, but I have a new phone)
>
> Free OpenBSD shell accounts for all with no gimmicks. Just send your
> desired username and password to me, and I will create it.
>
> Personal Website: http://kintaro.noobify.com
>
> Illhostit Webhosting:
> https://secure.illhostit.com/cgi-bin/affiliates/clickthru.cgi?id=Kintarocampaign=Email



--
John Kintaro Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)

Free OpenBSD shell accounts for all with no gimmicks. Just send your
desired username and password to me, and I will create it.

Personal Website: http://kintaro.noobify.com

Illhostit Webhosting:
https://secure.illhostit.com/cgi-bin/affiliates/clickthru.cgi?id=Kintarocampaign=Email