Current problem reports assigned to freebsd-pf@FreeBSD.org

2010-06-28 Thread FreeBSD bugmaster
Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker  Resp.  Description

o kern/147789  pf [pf] Firewall PF no longer drops connections by sendin
o kern/146832  pf [pf] "(self)" not always matching all local IPv6 addre
o kern/144311  pf [pf] [icmp] massive ICMP storm on lo0 occurs when usin
o kern/143543  pf [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf [pf] No way to adjust pidfile in pflogd
o conf/142817  pf [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf [pf] pf behaviour changes - must be documented
o kern/137982  pf [pf] when pf can hit state limits, random IP failures 
o kern/136781  pf [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf [pf] [gre] pf not natting gre protocol
o kern/135162  pf [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf [pf] max-src-conn issue
o kern/132769  pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and  rtent
f kern/132176  pf [pf] pf stalls connection when using route-to [regress
o conf/130381  pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf [pf] ipv6 and synproxy don't play well together
o conf/127814  pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf [pf] deadlock in pf
f kern/127345  pf [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf [pf] [patch] pf incorrect log priority
o kern/127042  pf [pf] [patch] pf recursion panic if interface group is 
o kern/125467  pf [pf] pf keep state bug while handling sessions between
s kern/124933  pf [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf [pf] PF mangles loopback packets
o kern/120281  pf [pf] [request] lost returning packets to PF for a rdr 
o kern/120057  pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf [carp] carp+pf delay with high state limit
o kern/111220  pf [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf pfsync fails to successfully transfer some sessions
o kern/103281  pf pfsync reports bulk update failures
o kern/93825   pf [pf] pf reply-to doesn't work
o sparc/93530  pf [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf [pf] PF + ALTQ problems with latency
o bin/86635    pf [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf [pf] cbq scheduler cause bad latency

45 problems total.

___
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"


rdr + reply-to, some solution ?

2010-06-28 Thread Luiz Gustavo S. Costa
Hi all.

I know there is a problem with using rdr together with reply-to. I usually
use some software to do the "rdr", such as rinetd, but it's not a pretty
solution.

Is there any alternative?

Below is an example of what I'm talking about.

# Nat section
rdr on $if_ext2 proto tcp from any to 200.x.x.x port 80 -> 192.168.1.100
# Rules section
pass in on $if_ext2 reply-to ($if_ext2 $gw_ext2) proto tcp from any to 200.x.x.x port 80

The "reply-to" is not working with the rdr rule.

Thanks

-- 
Luiz Gustavo Costa (Powered by BSD)
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
mundoUnix - Consultoria em Software Livre
http://www.mundounix.com.br
ICQ: 2890831 / MSN: cont...@mundounix.com.br
Tel: 55 (21) 2642-3799 / 7582-0594
Blog: http://www.luizgustavo.pro.br


Re: rdr + reply-to, some solution ?

2010-06-28 Thread Chris Buechler
On Mon, Jun 28, 2010 at 5:12 PM, Luiz Gustavo S. Costa wrote:
> Hi all.
>
> I know there is a problem in using rdr with the reply-to, I usually
> use some software to "rdr", as the rinetd, but it's not a pretty
> solution.
>
> Is there any alternative?
>
> Below is an example of what I'm talking about.
>
> # Nat section
> rdr on $if_ext2 proto tcp from any to 200.x.x.x port 80 -> 192.168.1.100
> # Rules section
> pass in $if_ext2 reply-to ($if_ext2 $gw_ext2) proto tcp from any to
> 200.x.x.x port 80
>

That rule won't match traffic from that rdr. The dest has to be the
192.168.1.100 IP.


Re: rdr + reply-to, some solution ?

2010-06-28 Thread Luiz Gustavo S. Costa
Hi Chris! How are you?

As they say here in Brazil: "I eat ball" :).

pass in on $if_int reply-to ($if_ext2 $gw_ext2) proto tcp from any to 192.168.1.100 port 80

But still, the combination does not work.

thanks


2010/6/28 Chris Buechler:
> On Mon, Jun 28, 2010 at 5:12 PM, Luiz Gustavo S. Costa wrote:
>> Hi all.
>>
>> I know there is a problem in using rdr with the reply-to, I usually
>> use some software to "rdr", as the rinetd, but it's not a pretty
>> solution.
>>
>> Is there any alternative?
>>
>> Below is an example of what I'm talking about.
>>
>> # Nat section
>> rdr on $if_ext2 proto tcp from any to 200.x.x.x port 80 -> 192.168.1.100
>> # Rules section
>> pass in $if_ext2 reply-to ($if_ext2 $gw_ext2) proto tcp from any to
>> 200.x.x.x port 80
>>
>
> That rule won't match traffic from that rdr. The dest has to be the
> 192.168.1.100 IP.
>



-- 
Luiz Gustavo Costa (Powered by BSD)
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
mundoUnix - Consultoria em Software Livre
http://www.mundounix.com.br
ICQ: 2890831 / MSN: cont...@mundounix.com.br
Tel: 55 (21) 2642-3799 / 7582-0594
Blog: http://www.luizgustavo.pro.br


Re: rdr + reply-to, some solution ?

2010-06-28 Thread Chris Buechler
On Mon, Jun 28, 2010 at 6:24 PM, Luiz Gustavo S. Costa wrote:
> hi Chris ! how are you?
>
> as it says here in Brazil: "I eat ball" :).
>
> pass in $if_int reply-to ($if_ext2 $gw_ext2) proto tcp from any to
> 192.168.1.100 port 80
>
> but still, the combination does not work
>

Then that's not the rule that's matching the traffic. Presuming it
worked previously when that rule wouldn't match the traffic, there
must be some other rule matching. You may need 'quick' there as well
depending on the rest of your ruleset and your intent.


Re: rdr + reply-to, some solution ?

2010-06-28 Thread Luiz Gustavo S. Costa
PERFECT !

This is it ! (tribute to MJ)

worked perfectly, had not really thought about using tag, perfect.

thank you (valeu !)

goodbye rinetd/redir !

2010/6/28 Gabriel Fonseca:
> 2010/6/28 Luiz Gustavo S. Costa
>>
>> hi Chris ! how are you?
>>
>> as it says here in Brazil: "I eat ball" :).
>>
>> pass in $if_int reply-to ($if_ext2 $gw_ext2) proto tcp from any to
>> 192.168.1.100 port 80
>>
>> but still, the combination does not work
>>
>> thanks
>>
>>
>> 2010/6/28 Chris Buechler:
>> > On Mon, Jun 28, 2010 at 5:12 PM, Luiz Gustavo S. Costa wrote:
>> >> Hi all.
>> >>
>> >> I know there is a problem in using rdr with the reply-to, I usually
>> >> use some software to "rdr", as the rinetd, but it's not a pretty
>> >> solution.
>> >>
>> >> Is there any alternative?
>> >>
>> >> Below is an example of what I'm talking about.
>> >>
>> >> # Nat section
>> >> rdr on $if_ext2 proto tcp from any to 200.x.x.x port 80 ->
>> >> 192.168.1.100
>> >> # Rules section
>> >> pass in $if_ext2 reply-to ($if_ext2 $gw_ext2) proto tcp from any to
>> >> 200.x.x.x port 80
>> >>
>> >
>> > That rule won't match traffic from that rdr. The dest has to be the
>> > 192.168.1.100 IP.
>> >
>
>
> Hi, Luiz "gugaBSD" Gustavo.
> I don't know exactly what you need, but I'll try to help.
>
> Try this:
> rdr on $if_ext2 proto tcp from any to 200.x.x.x port 80 tag LINK2 -> 192.168.1.100
> pass in quick on $if_ext2 reply-to ($if_ext2 $gw_ext2) tagged LINK2
>
> I hope that helps.
>
> Gabriel "ethX" Fonseca
>
>
>
>
>



-- 
Luiz Gustavo Costa (Powered by BSD)
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
mundoUnix - Consultoria em Software Livre
http://www.mundounix.com.br
ICQ: 2890831 / MSN: cont...@mundounix.com.br
Tel: 55 (21) 2642-3799 / 7582-0594
Blog: http://www.luizgustavo.pro.br
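
The matching behaviour discussed in this thread, as an added example that is not part of any post: a simplified Python model (not pf itself) of rdr running before the filter rules, with last-match and 'quick' evaluation. The address 203.0.113.10, the catch-all rule and all names are assumptions made for illustration.

```python
# Simplified model of pf evaluation order: rdr rewrites the destination first,
# then filter rules see the translated packet; last match wins unless 'quick'.
from dataclasses import dataclass
from typing import Optional

EXT_IP = "203.0.113.10"   # constructed stand-in for the thread's 200.x.x.x
WEB_IP = "192.168.1.100"  # internal server from the thread
RT = ("ext2", "gw_ext2")  # stands for reply-to ($if_ext2 $gw_ext2)

@dataclass
class Packet:
    iface: str
    dst: str
    tag: Optional[str] = None

@dataclass
class Pass:
    label: str
    dst: Optional[str] = None      # None matches any destination
    tagged: Optional[str] = None   # None means no 'tagged' condition
    quick: bool = False
    reply_to: Optional[tuple] = None

    def matches(self, p: Packet) -> bool:
        return ((self.dst is None or self.dst == p.dst)
                and (self.tagged is None or self.tagged == p.tag))

def rdr(p: Packet, tag: Optional[str] = None) -> Packet:
    # rdr on ext2 ... to EXT_IP [tag X] -> WEB_IP
    if p.iface == "ext2" and p.dst == EXT_IP:
        return Packet(p.iface, WEB_IP, tag)
    return p

def reply_route(rules, pkt, tag=None):
    """Return (label, reply_to) of the pass rule that creates the state."""
    pkt = rdr(pkt, tag)            # translation happens before filtering
    winner = None
    for r in rules:
        if r.matches(pkt):
            winner = r
            if r.quick:
                break
    return (winner.label, winner.reply_to) if winner else (None, None)

CATCH_ALL = Pass("pass in all")    # assumed later rule elsewhere in the ruleset
SYN = Packet("ext2", EXT_IP)       # constructed inbound connection
original = [Pass("to public IP", dst=EXT_IP, reply_to=RT), CATCH_ALL]
no_quick = [Pass("to translated IP", dst=WEB_IP, reply_to=RT), CATCH_ALL]
tagged = [Pass("tagged LINK2", tagged="LINK2", quick=True, reply_to=RT), CATCH_ALL]
```

Calling `reply_route(original, SYN)` and `reply_route(no_quick, SYN)` both end on the catch-all rule with no reply-to, while `reply_route(tagged, SYN, tag="LINK2")` ends on the tagged rule and keeps the reply-to route.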