packet filter and amanda
vchepkov at gmail.com
Sat Mar 31 23:20:43 UTC 2007
I finally gave up, maybe somebody can help me.
I have a router with FreeBSD 6.2-RELEASE-p1 with a custom-built kernel:
device pf # PF OpenBSD packet-filter firewall
device pflog # logging support interface for PF
I am using amanda to back up a client which is behind a router with pf running:
amanda server - FreeBSD pf - amanda client
I compiled amanda with tcp/udp port ranges but I can get that far.
I expect this rule to allow amanda server to connect to amanda client:
pass out quick on $dmz_if proto udp from $amanda_server to any port 10080
Unfortunately, not all packets match this rule.
When I added this rule below, it works fine, but it's too permissive:
pass out log quick on $dmz_if from $amanda_server to any
These are the packets that I can see in the log, and I can't understand why
they don't match my rule.
18:27:38.740741 IP (tos 0x0, ttl 63, id 61548, offset 0, flags [+], proto:
UDP (17), length: 1500) 192.168.17.2.859 > 192.168.16.2.10080: UDP, length
18:27:38.740752 IP (tos 0x0, ttl 63, id 61548, offset 1480, flags [none],
proto: UDP (17), length: 440) 192.168.17.2 > 192.168.160.2: udp
Could you tell me what I am doing wrong, please?
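
Added example, not part of the original post: the two logged packets are fragments of one UDP datagram (flags [+] at offset 0, then offset 1480), and only the first fragment carries the UDP header with port 10080. The sketch below rebuilds a constructed pair with the same id and lengths and applies a per-packet port test; the function names are hypothetical and the payload bytes are made up.

```python
import socket
import struct

IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def ipv4_packet(src, dst, ident, offset, more_frags, data, proto=17):
    """Build a minimal IPv4 packet (checksum left at 0 for this demo)."""
    frag = (0x2000 if more_frags else 0) | (offset // 8)
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(data), ident, frag, 63, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + data

def parse(pkt):
    vihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    return {"id": ident, "mf": bool(frag & 0x2000), "off": (frag & 0x1FFF) * 8,
            "proto": proto, "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "data": pkt[(vihl & 0x0F) * 4:total]}

def udp_dport(pkt):
    """Destination port, or None when this packet carries no UDP header."""
    p = parse(pkt)
    if p["proto"] != 17 or p["off"] != 0 or len(p["data"]) < 8:
        return None  # non-first fragment: payload bytes only, no ports
    return struct.unpack("!HHHH", p["data"][:8])[1]

def port_rule_matches(pkt, dport=10080):
    """Per-packet port test with no reassembly (hypothetical stand-in for the rule)."""
    return udp_dport(pkt) == dport

def reassemble(pkts):
    """Rebuild one datagram from its fragments (all assumed to share id/src/dst)."""
    frags = sorted((parse(p) for p in pkts), key=lambda f: f["off"])
    data = b""
    for f in frags:
        if f["off"] != len(data):
            raise ValueError("gap or overlap between fragments")
        data += f["data"]
    if frags[-1]["mf"]:
        raise ValueError("final fragment missing")
    f0 = frags[0]
    return ipv4_packet(f0["src"], f0["dst"], f0["id"], 0, False, data, f0["proto"])

# Constructed sample mirroring the logged pair: id 61548, IP lengths 1500 and 440.
UDP = struct.pack("!HHHH", 859, 10080, 1900, 0) + b"A" * 1892
FRAG1 = ipv4_packet("192.168.17.2", "192.168.16.2", 61548, 0, True, UDP[:1480])
FRAG2 = ipv4_packet("192.168.17.2", "192.168.16.2", 61548, 1480, False, UDP[1480:])

if __name__ == "__main__":
    for pkt in (FRAG1, FRAG2, reassemble([FRAG1, FRAG2])):
        print(len(pkt), udp_dport(pkt), port_rule_matches(pkt))
```

In pf, reassembly ahead of rule evaluation is what a `scrub` rule with `fragment reassemble` provides, so port-based rules then see the whole datagram.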