Bug or other packet processing or misconfiguration error in FreeBSD.

Max Laier max at love2party.net
Sat Sep 9 04:00:14 PDT 2006 

On Saturday 09 September 2006 12:05, Albertas Guscius wrote:
> Bug or other packet processing or misconfiguration error in FreeBSD.
>
> Hello folks,
>
> I'm trying the same pf configuration on FreeBSD and OpenBSD, but
> results are different. The problem is that all outgoing traffic goes to
> default queue ignoring quick pass rules. I can't shape outgoing traffic
> on FreeBSD due to unknown problem. It looks like problem is bescause of
>  after NAT rules are not processed. With OpenBSD everything works fine.
> I tested it on FreeBSD_6_1, 5_5 and OpenBSD_3_9.
> Does anyone have any advice?
>
> Sincerely Yours,
> Albertas
>
>
> pf.conf:
>
> ext_if="rl0"
> int_if="rl1"
> internal_net="10.0.10.0/24"
>
> external_addr="192.168.0.22"
> internal_addr="10.0.10.1"
>
> altq on $ext_if hfsc bandwidth 10Mb queue { ip_out, local_out }
> queue ip_out bandwidth 1Mb hfsc (upperlimit 6Mb)
> queue local_out bandwidth 1Mb hfsc (default upperlimit 6Mb)
>
> altq on $int_if hfsc bandwidth 10Mb queue { ip_in, local_in }
> queue ip_in bandwidth 1Mb hfsc (upperlimit 6Mb)
> queue local_in bandwidth 1Mb hfsc (default upperlimit 6Mb)
>
> nat on $ext_if from $internal_net to any -> $external_addr
>
> pass out quick on $ext_if from any to any queue ip_out
> pass out quick on $int_if from any to any queue ip_in
>
> pass in all
> pass out all
>
> #in FreeBSD6.1 all traffic goes through local_out, in OpenBSD3.9 all
> traffic goes through ip_out.

Can you provide "pfctl -vvsr" and "pfctl -vsq" after some traffic has been 
generated?  Can you also share details about your setup?  Most 
interestingly: Does the traffic destined to $ext_if pass through userland 
ppp, or the like, before hitting rl0?

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20060909/f60142a5/attachment.pgp

More information about the freebsd-pf mailing list