converting from ipfw to pf - not working at all
Felix J. Ogrs
fjo-lists at ogris.de
Sun Jun 7 09:15:55 UTC 2015
Hi,
is ipfw still loaded and activated without any rules?
--Felix
On 06/07/15 05:53, Graham Menhennitt wrote:
> Hello FreeBSD pf list,
>
> I've been using FreeBSD and ipfw for many years on my router. I recently
> decided to move to pf instead of ipfw (trying to get a Chromecast to
> work - need UPnP via miniupnpd which only works with pf). But I can't
> get anything to work at all. I'm obviously doing something very
> basically wrong.
>
> Firstly, I'm running FreeBSD 10-stable as of a week or so ago. I do not
> have ALTQ compiled in my kernel, but I don't believe that I need it. The
> contents of /etc/pf.conf, and the output from dmesg, ifconfig, and pfctl
> -s all are below. I've replaced IP addresses to protect the innocent.
>
> If anybody can please help, I'd be very grateful.
>
> Thanks,
> Graham
>
> I have packet forwarding enabled:
>
> % sysctl net.inet.ip.forwarding net.inet6.ip6.forwarding
> net.inet.ip.forwarding: 1
> net.inet6.ip6.forwarding: 1
> %
>
>
> In /etc/rc.conf, I have:
>
> pf_enable="YES"
> pf_flags=""
> pf_rules="/etc/pf.conf"
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
> pflog_flags=""
>
>
> After booting, the following processes are running:
>
> % ps axww|grep pf
> 585 - DL 0:00.14 [pf purge]
> 594 - Is 0:00.01 pflogd: [priv] (pflogd)
> 601 - S 0:00.02 pflogd: [running] -s 116 -i pflog0 -f
> /var/log/pflog (pflogd)
> 1114 u0 S+ 0:00.00 grep pf
> %
>
> Pinging myself gives errors:
>
> % ping XXX.2.73.1
> PING XXX.2.73.1 (XXX.2.73.1): 56 data bytes
> ping: sendto: Permission denied
> ^C
>
> --- XXX.2.73.1 ping statistics ---
> 3 packets transmitted, 0 packets received, 100.0% packet loss
>
> /etc/pf.conf:
>
> # internal and external interfaces
> int_if = "re0"
> ext_if = "re1"
> wap_if = "re2"
> ipv6_if = "gif0"
>
> #egress_if = $ext_if
>
> # interface classes
> #insecure_ifs = "{ $ext_if, $wap_if, $ipv6_if }"
> #natted_ifs = "{ $int_if, $wap_if }"
>
> # TCP ports we want to allow access to from insecure interfaces
> tcp_services_from_insecure_ifs = "{ ssh, imaps, openvpn }"
>
> # ping requests
> icmp_types = "echoreq"
>
> # block incoming traffic from unroutable addresses
> blocked = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8,
> 169.254.0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4,
> 255.255.255.255/32 }"
>
> # options
> set block-policy drop
> set loginterface egress
> set skip on lo0
>
> # Scrub
> scrub in all
>
> # nat/rdr
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
> #nat on egress from $int_if:network to any -> (egress)
> #nat on egress from $wap_if:network to any -> (egress)
> # for UPnP
> #rdr-anchor "miniupnpd"
>
> # filter rules
> block all
>
> # block traffic to/from private networks
> block drop in quick from $blocked to any
> block drop out quick from any to $blocked
>
> # allow access to certain TCP services from insecure interfaces
> pass in on $ext_if inet proto tcp from any to ($int_if) port
> $tcp_services_from_insecure_ifs flags S/SA keep state
> #pass in on $wap_if inet proto tcp from any to ($int_if) port
> $tcp_services_from_insecure_ifs flags S/SA keep state
> #pass in on $ipv6_if inet proto tcp from any to ($int_if) port
> $tcp_services_from_insecure_ifs flags S/SA keep state
>
> # allow in ping replies
> pass in inet proto icmp all icmp-type $icmp_types keep state
>
> # allow all traffic from internal network to internal interface
> pass in on $int_if from $int_if:network to any keep state
> pass out on $int_if from any to $int_if:network keep state
>
> # allow all traffic out via external interface
> pass out on $ext_if proto tcp all modulate state flags S/SA
> pass out on $ext_if proto { udp, icmp } all keep state
>
> # for UPnP
> #anchor "miniupnpd"
>
>
>
> pfctl -s all:
>
> TRANSLATION RULES:
> nat on egress inet from XXX.2.73.0/25 to any -> (egress) round-robin
>
> FILTER RULES:
> scrub in all fragment reassemble
> block drop all
> block drop in quick inet from <__automatic_523e5_0> to any
> block drop out quick inet from any to <__automatic_523e5_1>
> pass in on re1 inet proto tcp from any to (re0) port = ssh flags
> S/SA keep state
> pass in on re1 inet proto tcp from any to (re0) port = imaps flags
> S/SA keep state
> pass in on re1 inet proto tcp from any to (re0) port = openvpn flags
> S/SA keep state
> pass in inet proto icmp all icmp-type echoreq keep state
> pass in on re0 inet from XXX.2.73.0/25 to any flags S/SA keep state
> pass in on re0 inet6 from 2001:470:1f05:35d::/64 to any flags S/SA
> keep state
> pass out on re0 inet from any to XXX.2.73.0/25 flags S/SA keep state
> pass out on re0 inet6 from any to 2001:470:1f05:35d::/64 flags S/SA
> keep state
> pass out on re1 proto tcp all flags S/SA modulate state
> pass out on re1 proto udp all keep state
> pass out on re1 proto icmp all keep state
>
> STATES:
> all tcp 179.60.193.3:443 <- XXX.2.73.72:18969 CLOSED:SYN_SENT
> all tcp 179.60.193.3:443 <- XXX.2.73.72:27780 CLOSED:SYN_SENT
> all udp XXX.2.73.1:53 <- XXX.2.73.72:19784 NO_TRAFFIC:SINGLE
> all udp XXX.2.73.1:53 <- XXX.2.73.72:50987 NO_TRAFFIC:SINGLE
> all udp XXX.2.73.1:53 <- XXX.2.73.72:36252 NO_TRAFFIC:SINGLE
> all udp XXX.2.73.1:514 <- XXX.2.73.105:1024 NO_TRAFFIC:SINGLE
> all udp XXX.2.73.1:53 <- XXX.2.73.72:49728 NO_TRAFFIC:SINGLE
> all udp XXX.2.73.1:53 <- XXX.2.73.72:33288 NO_TRAFFIC:SINGLE
> all udp XXX.2.73.1:53 <- XXX.2.73.72:33594 NO_TRAFFIC:SINGLE
> all udp XXX.2.73.1:53 <- XXX.2.73.72:39265 NO_TRAFFIC:SINGLE
>
> INFO:
> Status: Enabled for 0 days 00:02:00 Debug: Urgent
>
> Interface Stats for egress IPv4 IPv6
> Bytes In 0 0
> Bytes Out 0 0
> Packets In
> Passed 0 0
> Blocked 0 0
> Packets Out
> Passed 0 0
> Blocked 0 0
>
> State Table Total Rate
> current entries 10
> searches 766 6.4/s
> inserts 29 0.2/s
> removals 19 0.2/s
> Counters
> match 744 6.2/s
> bad-offset 0 0.0/s
> fragment 0 0.0/s
> short 0 0.0/s
> normalize 0 0.0/s
> memory 0 0.0/s
> bad-timestamp 0 0.0/s
> congestion 0 0.0/s
> ip-option 0 0.0/s
> proto-cksum 0 0.0/s
> state-mismatch 0 0.0/s
> state-insert 0 0.0/s
> state-limit 0 0.0/s
> src-limit 0 0.0/s
> synproxy 0 0.0/s
>
> TIMEOUTS:
> tcp.first 120s
> tcp.opening 30s
> tcp.established 86400s
> tcp.closing 900s
> tcp.finwait 45s
> tcp.closed 90s
> tcp.tsdiff 30s
> udp.first 60s
> udp.single 30s
> udp.multiple 60s
> icmp.first 20s
> icmp.error 10s
> other.first 60s
> other.single 30s
> other.multiple 60s
> frag 30s
> interval 10s
> adaptive.start 6000 states
> adaptive.end 12000 states
> src.track 0s
>
> LIMITS:
> states hard limit 10000
> src-nodes hard limit 10000
> frags hard limit 5000
> table-entries hard limit 200000
>
> TABLES:
> __automatic_523e5_0
> __automatic_523e5_1
>
> OS FINGERPRINTS:
> 710 fingerprints loaded
>
>
>
> dmesg:
>
> Copyright (c) 1992-2015 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> The Regents of the University of California. All rights reserved.
> FreeBSD is a registered trademark of The FreeBSD Foundation.
> FreeBSD 10.1-STABLE #8 r282466: Wed May 6 23:22:44 AEST 2015
>
> gfm at maxwell.menhennitt.com.au:/usr/data/maxwell/obj/usr/data/FreeBSD/src_10-Stable/sys/maxwell
> amd64
> FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
> CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)
> Origin="AuthenticAMD" Id=0x500f20 Family=0x14 Model=0x2 Stepping=0
>
> Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
> Features2=0x802209<SSE3,MON,SSSE3,CX16,POPCNT>
> AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
> AMD
> Features2=0x35ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,IBS,SKINIT,WDT>
> SVM: NP,NRIP,NAsids=8
> TSC: P-state invariant, performance statistics
> real memory = 4815060992 (4592 MB)
> avail memory = 4099497984 (3909 MB)
> Event timer "LAPIC" quality 400
> ACPI APIC Table: <CORE COREBOOT>
> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
> FreeBSD/SMP: 1 package(s) x 2 core(s)
> cpu0 (BSP): APIC ID: 0
> cpu1 (AP): APIC ID: 1
> ioapic0 <Version 2.1> irqs 0-23 on motherboard
> random: <Software, Yarrow> initialized
> acpi0: <CORE COREBOOT> on motherboard
> acpi0: Power Button (fixed)
> cpu0: <ACPI CPU> on acpi0
> cpu1: <ACPI CPU> on acpi0
> atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
> Event timer "RTC" frequency 32768 Hz quality 0
> attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
> Timecounter "i8254" frequency 1193182 Hz quality 0
> Event timer "i8254" frequency 1193182 Hz quality 100
> hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
> Timecounter "HPET" frequency 14318180 Hz quality 950
> Event timer "HPET" frequency 14318180 Hz quality 550
> Event timer "HPET1" frequency 14318180 Hz quality 450
> Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
> acpi_timer0: <32-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
> pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
> pci0: <ACPI PCI bus> on pcib0
> pcib1: <ACPI PCI-PCI bridge> irq 16 at device 4.0 on pci0
> pci1: <ACPI PCI bus> on pcib1
> re0: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet>
> port 0x1000-0x10ff mem 0xf7a00000-0xf7a00fff,0xf7900000-0xf7903fff
> irq 16 at device 0.0 on pci1
> re0: Using 1 MSI-X message
> re0: ASPM disabled
> re0: Chip rev. 0x2c000000
> re0: MAC rev. 0x00200000
> miibus0: <MII bus> on re0
> rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on
> miibus0
> rgephy0: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX,
> 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master,
> 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow,
> 1000baseT-FDX-flow-master, auto, auto-flow
> re0: Using defaults for TSO: 65518/35/2048
> re0: Ethernet address: 00:0d:b9:35:c9:b0
> pcib2: <ACPI PCI-PCI bridge> irq 17 at device 5.0 on pci0
> pci2: <ACPI PCI bus> on pcib2
> re1: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet>
> port 0x2000-0x20ff mem 0xf7c00000-0xf7c00fff,0xf7b00000-0xf7b03fff
> irq 17 at device 0.0 on pci2
> re1: Using 1 MSI-X message
> re1: ASPM disabled
> re1: Chip rev. 0x2c000000
> re1: MAC rev. 0x00200000
> miibus1: <MII bus> on re1
> rgephy1: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on
> miibus1
> rgephy1: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX,
> 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master,
> 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow,
> 1000baseT-FDX-flow-master, auto, auto-flow
> re1: Using defaults for TSO: 65518/35/2048
> re1: Ethernet address: 00:0d:b9:35:c9:b1
> pcib3: <ACPI PCI-PCI bridge> irq 18 at device 6.0 on pci0
> pci3: <ACPI PCI bus> on pcib3
> re2: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet>
> port 0x3000-0x30ff mem 0xf7e00000-0xf7e00fff,0xf7d00000-0xf7d03fff
> irq 18 at device 0.0 on pci3
> re2: Using 1 MSI-X message
> re2: ASPM disabled
> re2: Chip rev. 0x2c000000
> re2: MAC rev. 0x00200000
> miibus2: <MII bus> on re2
> rgephy2: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on
> miibus2
> rgephy2: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX,
> 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master,
> 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow,
> 1000baseT-FDX-flow-master, auto, auto-flow
> re2: Using defaults for TSO: 65518/35/2048
> re2: Ethernet address: 00:0d:b9:35:c9:b2
> ahci0: <AMD SB7x0/SB8x0/SB9x0 AHCI SATA controller> port
> 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem
> 0xf7f04000-0xf7f043ff irq 19 at device 17.0 on pci0
> ahci0: AHCI v1.20 with 6 6Gbps ports, Port Multiplier supported
> ahci0: quirks=0x1b5f0<ATI_PMP_BUG,1MSI>
> ahcich0: <AHCI channel> at channel 0 on ahci0
> ahcich1: <AHCI channel> at channel 1 on ahci0
> ahcich2: <AHCI channel> at channel 2 on ahci0
> ahcich3: <AHCI channel> at channel 3 on ahci0
> ahcich4: <AHCI channel> at channel 4 on ahci0
> ahcich5: <AHCI channel> at channel 5 on ahci0
> ohci0: <AMD SB7x0/SB8x0/SB9x0 USB controller> mem
> 0xf7f00000-0xf7f00fff irq 18 at device 18.0 on pci0
> usbus0 on ohci0
> ehci0: <AMD SB7x0/SB8x0/SB9x0 USB 2.0 controller> mem
> 0xf7f04400-0xf7f044ff irq 17 at device 18.2 on pci0
> usbus1: EHCI version 1.0
> usbus1 on ehci0
> ohci1: <AMD SB7x0/SB8x0/SB9x0 USB controller> mem
> 0xf7f01000-0xf7f01fff irq 18 at device 19.0 on pci0
> usbus2 on ohci1
> ehci1: <AMD SB7x0/SB8x0/SB9x0 USB 2.0 controller> mem
> 0xf7f04500-0xf7f045ff irq 17 at device 19.2 on pci0
> usbus3: EHCI version 1.0
> usbus3 on ehci1
> isab0: <PCI-ISA bridge> at device 20.3 on pci0
> isa0: <ISA bus> on isab0
> pcib4: <ACPI PCI-PCI bridge> at device 20.4 on pci0
> pci4: <ACPI PCI bus> on pcib4
> ohci2: <AMD SB7x0/SB8x0/SB9x0 USB controller> mem
> 0xf7f02000-0xf7f02fff irq 18 at device 20.5 on pci0
> usbus4 on ohci2
> pcib5: <ACPI PCI-PCI bridge> at device 21.0 on pci0
> pci5: <ACPI PCI bus> on pcib5
> ohci3: <AMD SB7x0/SB8x0/SB9x0 USB controller> mem
> 0xf7f03000-0xf7f03fff at device 22.0 on pci0
> usbus5 on ohci3
> ehci2: <AMD SB7x0/SB8x0/SB9x0 USB 2.0 controller> mem
> 0xf7f04600-0xf7f046ff at device 22.2 on pci0
> usbus6: EHCI version 1.0
> usbus6 on ehci2
> acpi_button0: <Power Button> on acpi0
> orm0: <ISA Option ROM> at iomem 0xee800-0xeffff on isa0
> uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on
> isa0
> uart0: console (115200,n,8,1)
> uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
> random: unblocking device.
> usbus0: 12Mbps Full Speed USB v1.0
> Timecounters tick every 1.000 msec
> ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to
> deny, logging disabled
> usbus1: 480Mbps High Speed USB v2.0
> usbus2: 12Mbps Full Speed USB v1.0
> usbus3: 480Mbps High Speed USB v2.0
> ugen0.1: <ATI> at usbus0
> uhub0: <ATI OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
> ugen1.1: <ATI> at usbus1
> uhub1: <ATI EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
> ugen2.1: <ATI> at usbus2
> uhub2: <ATI OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
> ugen3.1: <ATI> at usbus3
> uhub3: <ATI EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3
> usbus4: 12Mbps Full Speed USB v1.0
> usbus5: 12Mbps Full Speed USB v1.0
> usbus6: 480Mbps High Speed USB v2.0
> ugen4.1: <ATI> at usbus4
> uhub4: <ATI OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus4
> ugen5.1: <ATI> at usbus5
> uhub5: <ATI OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus5
> ugen6.1: <ATI> at usbus6
> uhub6: <ATI EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus6
> ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
> ada0: <SATA SSD S9FM01.9> ACS-3 ATA SATA 3.x device
> ada0: Serial Number 3AF607491C0800677564
> ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes)
> ada0: Command Queueing enabled
> ada0: 15272MB (31277232 512 byte sectors: 16H 63S/T 16383C)
> ada0: Previously was known as ad4
> ada1 at ahcich1 bus 0 scbus1 target 0 lun 0
> ada1: <ST500LT012-1DG142 0001SDM1> ATA8-ACS SATA 3.x device
> ada1: Serial Number S3PD52ZD
> ada1: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes)
> ada1: Command Queueing enabled
> ada1: 476940MB (976773168 512 byte sectors: 16H 63S/T 16383C)
> ada1: quirks=0x1<4K>
> ada1: Previously was known as ad6
> uhub4: 2 ports with 2 removable, self powered
> uhub0: 5 ports with 5 removable, self powered
> uhub2: 5 ports with 5 removable, self powered
> uhub5: 4 ports with 4 removable, self powered
> SMP: AP CPU #1 Launched!
> Timecounter "TSC" frequency 1000022996 Hz quality 800
> Root mount waiting for: usbus6 usbus3 usbus1
> Root mount waiting for: usbus6 usbus3 usbus1
> uhub6: 4 ports with 4 removable, self powered
> uhub3: 5 ports with 5 removable, self powered
> uhub1: 5 ports with 5 removable, self powered
> ugen6.2: <Generic> at usbus6
> umass0: <Generic Flash Card ReaderWriter, class 0/0, rev 2.01/1.00,
> addr 2> on usbus6
> umass0: SCSI over Bulk-Only; quirks = 0x4001
> umass0:6:0:-1: Attached to scbus6
> Root mount waiting for: usbus1
> da0 at umass-sim0 bus 0 scbus6 target 0 lun 0
> da0: <Multiple Card Reader 1.00> Removable Direct Access SPC-2 SCSI
> device
> da0: Serial Number 058F63666485
> da0: 40.000MB/s transfers
> da0: Attempt to query device size failed: NOT READY, Medium not present
> da0: quirks=0x2<NO_6_BYTE>
> ugen1.2: <vendor 0x1a40> at usbus1
> uhub7: <vendor 0x1a40 USB 2.0 Hub MTT, class 9/0, rev 2.00/1.00,
> addr 2> on usbus1
> uhub7: MTT enabled
> uhub7: 4 ports with 4 removable, self powered
> Root mount waiting for: usbus1
> Root mount waiting for: usbus1
> ugen1.3: <vendor 0x05e3> at usbus1
> umass1: <vendor 0x05e3 USB Storage, class 0/0, rev 2.00/96.02, addr
> 3> on usbus1
> umass1: SCSI over Bulk-Only; quirks = 0xc000
> umass1:7:1:-1: Attached to scbus7
> da1 at umass-sim1 bus 1 scbus7 target 0 lun 0
> da1: <Generic STORAGE DEVICE 9602> Removable Direct Access SCSI device
> da1: Serial Number 000000009602
> da1: 40.000MB/s transfers
> da1: Attempt to query device size failed: NOT READY, Medium not present
> da1: quirks=0x3<NO_SYNC_CACHE,NO_6_BYTE>
> da2 at umass-sim1 bus 1 scbus7 target 0 lun 1
> da2: <Generic STORAGE DEVICE 9602> Removable Direct Access SCSI device
> da2: Serial Number 000000009602
> da2: 40.000MB/s transfers
> da2: Attempt to query device size failed: NOT READY, Medium not present
> da2: quirks=0x3<NO_SYNC_CACHE,NO_6_BYTE>
> da3 at umass-sim1 bus 1 scbus7 target 0 lun 2
> da3: <Generic STORAGE DEVICE 9602> Removable Direct Access SCSI device
> da3: Serial Number 000000009602
> da3: 40.000MB/s transfers
> da3: Attempt to query device size failed: NOT READY, Medium not present
> da3: quirks=0x3<NO_SYNC_CACHE,NO_6_BYTE>
> da4 at umass-sim1 bus 1 scbus7 target 0 lun 3
> da4: <Generic STORAGE DEVICE 9602> Removable Direct Access SCSI device
> da4: Serial Number 000000009602
> da4: 40.000MB/s transfers
> da4: Attempt to query device size failed: NOT READY, Medium not present
> da4: quirks=0x3<NO_SYNC_CACHE,NO_6_BYTE>
> ugen1.4: <vendor 0x1a40> at usbus1
> uhub8: <vendor 0x1a40 USB 2.0 Hub MTT, class 9/0, rev 2.00/1.00,
> addr 4> on usbus1
> uhub8: MTT enabled
> Root mount waiting for: usbus1
> uhub8: 4 ports with 4 removable, self powered
> Trying to mount root from ufs:/dev/ada0p2 [rw,noatime]...
> NLM: failed to contact remote rpcbind, stat = 3, port = 28416
> NLM: failed to contact remote rpcbind, stat = 3, port = 28416
> Can't start NLM - unable to contact NSM
>
> ifconfig:
>
> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
> 1500
>
> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
> ether 00:0d:b9:35:c9:b0
> inet6 YYYYYYYYYYYYYY%re0 prefixlen 64 scopeid 0x1
> inet XXX.2.73.1 netmask 0xffffff80 broadcast XXX.2.73.127
> inet6 YYYYYYYYYYYYYY::1 prefixlen 64
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> media: Ethernet autoselect (1000baseT <full-duplex>)
> status: active
> re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
> 1500
>
> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
> ether 00:0d:b9:35:c9:b1
> inet6 YYYYYYYYY%re1 prefixlen 64 scopeid 0x2
> inet YYY.YYY.YYY.YYY netmask 0xfffff000 broadcast
> YYY.YYY.YYY.255
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> re2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
> 1500
>
> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
> ether 00:0d:b9:35:c9:b2
> inet XXX.2.73.129 netmask 0xffffff80 broadcast XXX.2.73.255
> inet6 YYYYYYYYYYY%re2 prefixlen 64 scopeid 0x3
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> inet6 ::1 prefixlen 128
> inet6 YYYYYYYYY%lo0 prefixlen 64 scopeid 0x4
> inet 127.0.0.1 netmask 0xff000000
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>
>
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>
More information about the freebsd-pf
mailing list