mpd pppoe client problems

Nikos Vassiliadis nvass at teledomenet.gr
Tue Dec 12 07:04:39 PST 2006


On Tuesday 12 December 2006 13:05, Alexei wrote:
> Hello.
> 
> > set link mtu 1492
> > check with ps command in which state mpd is when issuing rc.d stop
> > command.
> 
> Ok, I'll try it when I'm at home (probably this evening).
> 
> >> Nothing prevents it + ppp works fine. (But I don't like it for high
> >> cpu load)
> 
> > much better to show your rulebase
> 
> 00003   11030    3231606 count ip from table(1) to { me or dst-ip 192.168.42.0/24 } in via tun1
> 00004   13117    1969687 count ip from { me or 192.168.42.0/24 } to table(1) out via tun1
> 00005 1273820 1279717924 count ip from not table(1) to { me or dst-ip 192.168.42.0/24 } in via tun1
> 00006 1507468  446055133 count ip from { me or 192.168.42.0/24 } to not table(1) out via tun1
> 00009      44       2296 reset tcp from any to me dst-port 1080,3128,8000,8080
> 00011   38793    4293064 allow ip from me to any via fxp0
> 00011   24488    1695925 allow ip from any to me via fxp0
> 00012     926      72148 allow ip from any to any via lo0
> 00013       0          0 allow ip from 192.168.42.0/24 to 192.168.0.0/24
> 00013       0          0 allow ip from 192.168.0.0/24 to 192.168.42.0/24
> 00014       0          0 allow ip from 192.168.42.0/24 to 192.168.11.0/24
> 00014       0          0 allow ip from 192.168.11.0/24 to 192.168.42.0/24
> 00015       0          0 allow ip from 192.168.42.0/24 to 192.168.12.0/24
> 00015       0          0 allow ip from 192.168.12.0/24 to 192.168.42.0/24
> 00016    8609     760802 allow ip from any to 192.168.0.0/24
> 00016      58      20512 allow ip from 192.168.0.0/24 to any
> 00020 1520516  448026327 allow ip from me to any
> 00022       0          0 allow ip from 10.176.204.0/24 to me dst-port 22,2345
> 00030    1118      73065 allow ip from { 217.78.xx.xx or 87.240.xx.xx } to me dst-port 4444
> 00051   16153     901778 allow ip from 85.94.xx.xx to me
> 00100      13       1732 deny ip from any to me dst-port 22,4242,2345,4444
> 00101    1730     180253 deny ip from any to any dst-port 137,138,139,5000,445
> 00200  353792   78897431 allow ip from any to 192.168.42.2
> 00200  467364  392901222 allow ip from 192.168.42.2 to any
> 00201   80648   14398889 allow ip from any to 192.168.43.2
> 00201   81229    4285726 allow ip from 192.168.43.2 to any
> 01001 1267514 1281969619 allow ip from any to me
> 65535      43       5654 deny ip from any to any
> 

Your firewall rules are somehow obscure. Please do explicitly allow everything
from your host to the world and back, early in your ruleset (something like
"add 1 allow ip from me to any keep-state"). Test it and then fix your rules as
wanted.

Nikos
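
One way to check a listing like the quoted one against the suggestion in this reply, added here as an example that is not part of the original message: the Python below parses `ipfw show` output and reports whether any rule is stateful, where the host's own outbound traffic is first allowed, which deny/reset rules come before that, and which rules never matched a packet. The sample listing is constructed (shortened from the quoted one), and the names `parse` and `audit` are made up for this example.

```python
import re

# Constructed sample: a shortened `ipfw show` listing in the thread's format
# (rule number, packet count, byte count, action, rule body).
SAMPLE = """\
00009      44       2296 reset tcp from any to me dst-port 1080,3128,8000,8080
00011   38793    4293064 allow ip from me to any via fxp0
00013       0          0 allow ip from 192.168.42.0/24 to 192.168.0.0/24
00020 1520516  448026327 allow ip from me to any
00100      13       1732 deny ip from any to me dst-port 22,4242,2345,4444
01001 1267514 1281969619 allow ip from any to me
65535      43       5654 deny ip from any to any
"""

# Leading "> " mail quoting is tolerated; the body may be empty (check-state).
RULE = re.compile(r"^[>\s]*(\d{5})\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*?)\s*$")
STATE_WORDS = {"keep-state", "check-state", "limit"}

def parse(listing):
    """Return (number, packets, bytes, action, body) for each rule line."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line)
        if m:
            num, pkts, byts, action, body = m.groups()
            rules.append((int(num), int(pkts), int(byts), action, body))
    return rules

def audit(listing):
    """Summarise what matters for the 'allow host traffic early' test."""
    rules = parse(listing)
    # First rule that lets the host itself talk to anyone.
    host_out = next((n for n, _, _, act, body in rules
                     if act == "allow" and body.startswith("ip from me to any")),
                    None)
    return {
        # Does any rule create or consult dynamic state?
        "stateful": any(STATE_WORDS & set(f"{act} {body}".split())
                        for _, _, _, act, body in rules),
        "first_host_out": host_out,
        # deny/reset rules evaluated before the host's outbound allow.
        "blocking_before": [n for n, _, _, act, _ in rules
                            if act in ("deny", "reset")
                            and (host_out is None or n < host_out)],
        # Rules that never matched a packet.
        "zero_hit": [n for n, p, _, _, _ in rules if p == 0],
    }
```

Calling `audit()` on the output of `ipfw show` before and after adding the test rule shows whether the rule landed ahead of every deny/reset rule and whether its counters start moving.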


More information about the freebsd-net mailing list