I have a case where it fails.
rtorrent can't connect to the tracker.
rtorrent is bound to 192.168.0.2 (em0) and the external iface is em2
so it's a mixture of having hw-csum and no hw-csum
em0 at pci2 dev 0 function 0 "Intel PRO/1000 (82576)" rev 0x01: msi,
address 90:e2:ba:0c:95:86
em1 at pci2 dev 0 function 1 "Intel PRO/1000 (82576)" rev 0x01: msi,
address 90:e2:ba:0c:95:87
em2 at pci6 dev 5 function 0 "Intel PRO/1000MT (82541GI)" rev 0x00: apic 4
int 20, address 00:0e:0c:5f:bf:30
em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
mtu 4088
hwfeatures=10<VLAN_MTU>
lladdr 90:e2:ba:0c:95:86
description: lan1 1G/jumbo
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.1 netmask 0xffffffff
em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
mtu 1500
hwfeatures=10<VLAN_MTU>
lladdr 90:e2:ba:0c:95:87
description: lan2 1G/100
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
hwfeatures=36<CSUM_TCPv4,CSUM_UDPv4,VLAN_MTU,VLAN_HWTAGGING>
lladdr 00:0e:0c:5f:bf:30
description: wan
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
pf.conf:
nic0="em0"
nic1="em1"
ext="em2"
torrent="5881:5889,6881"
table <spamd-white> persist
set block-policy return
set skip on { lo $nic0 $nic1 bridge0 }
block on $ext
pass in on $ext inet proto { tcp udp } from any to ($ext) port ssh
pass in on $ext inet proto tcp from any to ($ext) port { auth pop3s imaps
}
pass in on $ext inet proto tcp from any to ($ext) port { www https }
rdr-to 192.168.0.2
pass in on $ext inet proto { tcp udp } from any to ($ext) port { $torrent
} rdr-to 192.168.0.2
pass in on $ext inet proto tcp from any to ($ext) port smtp rdr-to
127.0.0.1 port spamd
pass in on $ext inet proto tcp from <spamd-white> to ($ext) port smtp
match out on $ext from !($ext) nat-to ($ext:0)
On Wed, Nov 7, 2012 at 9:03 PM, Andreas Bartelt <o...@bartula.de> wrote:
> and these also look good:
>
> > dmesg|grep ^em
> em0 at pci3 dev 0 function 0 "Intel PRO/1000 PT (82572EI)" rev 0x06: apic
> 2 int 17, address X:X:X:X:X:X
>
> > ifconfig em hwfeatures
> em0: flags=8843<UP,BROADCAST,**RUNNING,SIMPLEX,MULTICAST> mtu 1500
>
> hwfeatures=36<CSUM_TCPv4,CSUM_**UDPv4,VLAN_MTU,VLAN_HWTAGGING>
> lladdr X:X:X:X:X:X
> priority: 0
> groups: egress
>
> media: Ethernet autoselect (1000baseT full-duplex)
> status: active
>
> # dmesg|grep ^em
> em0 at pci0 dev 25 function 0 "Intel ICH8 IGP M AMT" rev 0x03: msi,
> address X:X:X:X:X:X
>
> # ifconfig em0 hwfeatures
> em0: flags=8843<UP,BROADCAST,**RUNNING,SIMPLEX,MULTICAST> mtu 1500
>
> hwfeatures=36<CSUM_TCPv4,CSUM_**UDPv4,VLAN_MTU,VLAN_HWTAGGING>
> lladdr X:X:X:X:X:X
> priority: 0
> groups: egress
> media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
> status: active
>
> I will keep the patch enabled on these interfaces and report if there
> should be any problems which I didn't notice yet.
>
> Best Regards
> Andreas
