Vexing IPF problem

horio shoichi bugsgrief at bugsgrief.net
Fri Jun 17 22:44:01 GMT 2005


On Fri, 17 Jun 2005 08:12:45 -0700 (PDT)
DH <dhutch9999 at yahoo.com> wrote:
> I'm having a problem with IPF blocking packets that it appears should be let through.
>  
> I've spent quite a bit of time going through the Handbook, man pages, etc. & I must be missing something, so any help is greatly appreciated.
>  
> uname -a freebsd 4.11-release #0
>  
> SMP kernel, dual PIII processor, 512 MB ECC RAM, SCSI HDs
>  
> excerpt from rule set:
>  
> Kernel compiled with "default allow" until I finish getting the ruleset rewritten.
>  
> Rule #1 block in log from any to any
>  
> pass in quick on lo0
> pass out quick on lo0
>  
> block in log quick on fxp0 from any to any with ipopts
> block in log quick proto tcp from any to any with short
> ...
> pass in log first proto tcp from any to any port = 80 flags S keep state
> pass in log first proto tcp from any port = 80 to any flags S keep state
> pass out log first proto tcp from any to any port = 80 flags S keep state
>  
>  
> netstat -m = 129/576/16384
> 9% of mb_map in use
>  
> Proxy Server - Squid 2.5.stable10
>  
>  
> The behavior I'm seeing is outgoing connections to websites on port 80 are being passed
> but the inbound traffic is being blocked.  The ipflog entries look like this:
>  
>  
> my ip = s   theirs = d
>  
> @0:390 p s.s.s.s,3601 -> d.d.d.d,80 PR tcp len 20 60 -S K-S OUT
>  
> @0:1 b d.d.d.d,80 -> s.s.s.s,3601 PR tcp len 20 43 -AR IN
>  
>  
>   
> Thanks in advance to those giving their time to lend a hand, I know your time is valuable.
>  
> Please CC my address in your reply.
>  
> David Hutchens III
> Network Technician
>  
>  
>  
> 

Any reason you avoid 'quick' keywords in rules around 390 ?

Also, from my vague memory, 'first' should not be necessary with 'quick'.


horio shoichi
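
Added example (not code from the thread; ipf itself is in C): a small Python simulation of the rule walk ipf performs, to make the point behind the 'quick' question concrete. ipf examines every rule of a group in order and the last matching rule decides, unless a matching rule carries 'quick', which ends the walk at once. Rule numbers 2-5 and 388-389 are assumed for illustration (the post only fixes rule 1 and the @0:390 'pass out' rule), the two packets are constructed from the two ipflog lines, and the state table, NAT and addresses other than 'any' are deliberately not modelled. It therefore reproduces why the returning ACK/RST falls through to rule 1 when matched against the rules alone, and says nothing about whether the state entry created by rule 390 should have claimed that packet before the rules were consulted.

```python
"""IPFilter rule-walk simulator (added example, not code from the thread).

Models the subset of ipf(5) syntax in the posted excerpt: in/out, quick,
log/first (ignored: they only affect logging), 'on <iface>', 'proto',
'from any [port = N] to any [port = N]', 'flags <set>', 'with <opt>' and
'keep state'.  Not modelled: the state table, NAT, groups, real addresses.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Packet:
    direction: str                     # "in" or "out"
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                         # TCP flags present, e.g. "S", "AR"
    options: frozenset = frozenset()   # e.g. {"ipopts"} or {"short"}


@dataclass
class Rule:
    number: int
    action: str                        # "pass" or "block"
    direction: str
    quick: bool = False
    iface: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    flags: Optional[str] = None
    with_opts: list = field(default_factory=list)
    keep_state: bool = False


def parse_rule(number: int, text: str) -> Rule:
    toks = text.split()
    r = Rule(number=number, action=toks[0], direction=toks[1])
    i = 2
    while i < len(toks):
        t = toks[i]
        if t == "quick":
            r.quick = True; i += 1
        elif t in ("log", "first"):            # logging only, no effect on the match
            i += 1
        elif t == "on":
            r.iface = toks[i + 1]; i += 2
        elif t == "proto":
            r.proto = toks[i + 1]; i += 2
        elif t in ("from", "to"):
            if toks[i + 1] != "any":
                raise ValueError("only 'any' addresses are modelled here")
            i += 2
            if toks[i:i + 2] == ["port", "="]:  # optional 'port = N'
                port = int(toks[i + 2]); i += 3
                if t == "from": r.sport = port
                else:           r.dport = port
        elif t == "flags":
            r.flags = toks[i + 1]; i += 2
        elif t == "with":
            r.with_opts.append(toks[i + 1]); i += 2
        elif t == "keep" and toks[i + 1] == "state":
            r.keep_state = True; i += 2
        else:
            raise ValueError(f"rule {number}: unsupported token {t!r}")
    return r


def matches(r: Rule, p: Packet) -> bool:
    if r.direction != p.direction:                 return False
    if r.iface and r.iface != p.iface:             return False
    if r.proto and r.proto != p.proto:             return False
    if r.sport is not None and r.sport != p.sport: return False
    if r.dport is not None and r.dport != p.dport: return False
    # 'flags S' with no explicit mask is compared against all six flags, so
    # SYN must be set and every other flag clear; an ACK/RST never matches it.
    if r.flags is not None and set(r.flags) != set(p.flags): return False
    if not set(r.with_opts) <= p.options:          return False
    return True


def evaluate(rules, p: Packet, default: str = "pass"):
    """(action, rule number|None): last match wins unless a match is 'quick'.
    'default' is the kernel policy when nothing matches; the poster's kernel
    was built with default allow."""
    winner = None
    for r in rules:
        if matches(r, p):
            winner = r
            if r.quick:
                break
    return (winner.action, winner.number) if winner else (default, None)


# The poster's excerpt.  Rule 1 is the poster's own number; 2-5 and 388-389
# are assumed so that the 'pass out' rule lands on the @0:390 seen in the log.
EXCERPT = [
    (1,   "block in log from any to any"),
    (2,   "pass in quick on lo0"),
    (3,   "pass out quick on lo0"),
    (4,   "block in log quick on fxp0 from any to any with ipopts"),
    (5,   "block in log quick proto tcp from any to any with short"),
    (388, "pass in log first proto tcp from any to any port = 80 flags S keep state"),
    (389, "pass in log first proto tcp from any port = 80 to any flags S keep state"),
    (390, "pass out log first proto tcp from any to any port = 80 flags S keep state"),
]
RULES = [parse_rule(n, t) for n, t in EXCERPT]

# Constructed from the two ipflog lines in the post (s = local host, d = web server).
SYN_OUT = Packet("out", "fxp0", "tcp", "s.s.s.s", 3601, "d.d.d.d", 80, "S")
RST_IN  = Packet("in",  "fxp0", "tcp", "d.d.d.d", 80, "s.s.s.s", 3601, "AR")


def walk_excerpt():
    """Both logged packets against the rule walk alone (state table ignored)."""
    return evaluate(RULES, SYN_OUT), evaluate(RULES, RST_IN)


def quick_matters():
    """Why 'quick' on a pass rule matters: with a hypothetical later catch-all
    block, the plain pass is overridden (last match wins); the quick one is not."""
    syn_in = Packet("in", "fxp0", "tcp", "d.d.d.d", 40000, "s.s.s.s", 80, "S")
    tail = "block in proto tcp from any to any"
    plain = [parse_rule(1, "pass in proto tcp from any to any port = 80 flags S"),
             parse_rule(2, tail)]
    quick = [parse_rule(1, "pass in quick proto tcp from any to any port = 80 flags S"),
             parse_rule(2, tail)]
    return evaluate(plain, syn_in), evaluate(quick, syn_in)


if __name__ == "__main__":
    print(walk_excerpt())   # (('pass', 390), ('block', 1)) -- the two log lines
    print(quick_matters())  # (('block', 2), ('pass', 1))
```

walk_excerpt() gives pass by rule 390 for the outbound SYN and block by rule 1 for the inbound ACK/RST, which is exactly the two logged lines: no pass rule in the excerpt can match a packet whose flags are not a bare SYN, so the default block at rule 1 is the only match. quick_matters() shows the ordering hazard horio is pointing at: without 'quick', a later matching rule silently overrides an earlier pass.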


