DragonFly users List (threaded) for 2004-10
Re: pf is dropping connections
Mark Cullen wrote:
Yet more problems from me :) I just got a semi-basic ruleset for pf and
it seems to be dropping connections. For example: If I SSH into my
University and start typing say.. telnet <someplace> PuTTY will pop up a
nice little error message saying "software caused connection abort", or
something similar. I didn't have this problem with ipfw1 and natd.
Here are my rules. Maybe I got it a bit wrong somewhere? I copied most of
it from an online example thing.
-- /etc/pf.conf --
ext_if="fxp1"
int_if="fxp0"
# my adsl modem is 192.168.0.1 ....
priv_nets = "{ 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }"
icmp_types = "echoreq"
tcp_services = "{ 80, 21, 20, 50000:50010 }"
udp_services = "{ 5029 }"
# set things
set block-policy return
set loginterface $ext_if
scrub in all
# NAT
nat on $ext_if from $int_if:network to any -> ($ext_if)
# block all traffic
block all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
# open ports to server
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_services keep state
# allow traffic all inside network
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any
pass out on $int_if from any to $int_if:network
# allow network traffic to go out to the internet, keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
Is there anything there that might be causing it to drop connections?
No ideas? I went back to ipfw allow everything rules for the night. I
couldn't get logging with pf to work either. Might have helped me
figure out what was going wrong.. Is it supposed to create /dev/pflog
or something? I ran makedev and that didn't appear.. pflogd complained too:
Oct 23 21:08:31 bone pflogd[8709]: Failed to initialize: BIOCSETIF: pflog0: Network is down
Oct 23 21:08:31 bone pflogd[8709]: Exiting, init failure
I kinda hope my problems are just because there's still something a bit
wrong with pf in stable. It's looking like I might have to try FreeBSD 4
.. can't go without a firewall!
--
Internet Explorer? Try FireFox at http://www.mozilla.org/products/firefox/
Outlook Express? Try ThunderBird at
http://www.mozilla.org/products/thunderbird/
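An added example, not part of the post: a small script that expands the macros in the ruleset above (a constructed copy, with the two mail-wrapped "pass in" rules re-joined, since pf.conf has no implicit line continuation) and lists the pass rules that create no state. Stateless pass rules only match packets in the direction written, so return traffic depends on a mirror rule rather than the state table; seeing them side by side with the effective interface names is the first thing to check when connections die. The macro syntax handled is only the simple name="value" form used in the post.

```python
import re

# Constructed copy of the posted /etc/pf.conf, comments dropped and the
# wrapped "pass in" rules re-joined onto one line each.
PF_CONF = """\
ext_if="fxp1"
int_if="fxp0"
priv_nets = "{ 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }"
icmp_types = "echoreq"
tcp_services = "{ 80, 21, 20, 50000:50010 }"
udp_services = "{ 5029 }"
set block-policy return
set loginterface $ext_if
scrub in all
nat on $ext_if from $int_if:network to any -> ($ext_if)
block all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_services keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any
pass out on $int_if from any to $int_if:network
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
"""

MACRO = re.compile(r'^\s*(\w+)\s*=\s*"(.*)"\s*$')   # name="value" only
STATEFUL = ("keep state", "modulate state")

def expand(conf):
    """Return (macros, rules): macro definitions collected, every other
    non-empty line returned with $macro references substituted."""
    macros, rules = {}, []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        # Longest names first, so a short macro never clobbers a longer one.
        for name in sorted(macros, key=len, reverse=True):
            line = line.replace("$" + name, macros[name])
        rules.append(line)
    return macros, rules

def stateless_pass_rules(rules):
    """Pass rules without keep/modulate state: they rely on a mirror rule
    for the reply direction instead of an entry in the state table."""
    return [r for r in rules
            if r.startswith("pass") and not any(k in r for k in STATEFUL)]
```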