PF error message looping on screen. System Locked.

Volker volker at vwsoft.com
Thu Jun 14 14:00:55 UTC 2007 

On 06/14/07 15:33, Roger Miranda wrote:
> We are having a bit of a problem with Freebsd and PF.  We have transfered 
> 150GB (+/-), yesterday over a Freebsd 6.2 machine with IF_Bridge (acting as a 
> transparent proxy)
> 
> The issue is 5-8 hours after the boot up of the machine we get PF loop (Fast, 
> continuous loop, so we can not read the message) on the screen.  The machine 
> is completly un responsive.  But I noticed the that Num Lock (only the num 
> lock button) button is still responsive.
> 
> Thanks in advance for any help.  I am still new at freebsd and pf, switching 
> over from Linux.
> 
> Here is a copy of my pf.conf and output of ifconfig.
> 
> ----pf.conf----
> int_if="em1"
> ext_if="em0"
> net="XXX.XXX.0.XX/16"
> wac_ip="XXX.XXX.0.XX"
> set optimization conservative
> 
> rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> pass in log on $int_if route-to lo0 inet proto tcp from any to any port 3128 
> keep state
> 
> pass in log quick on $int_if proto tcp from any to any port 80 keep state
> pass in log quick on $int_if proto tcp from any to any port 443 keep state
> 
> pass in log quick on $int_if proto tcp from any to $wac_ip port 8080 keep 
> state
> 
> pass in log quick proto icmp from any to any keep state
> 
> block in log quick on $int_if proto tcp from any to any port 1863
> 
> pass in log quick proto udp from any to any port 67:68 keep state
> 
> pass in log quick proto udp from any to any port 53 keep state
> 
> pass log quick proto tcp from any to any port 22 keep state 
> 
> 
> ----Output: ifconfig-----
> em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> 	options=48<VLAN_MTU,POLLING>
> 	ether 00:30:48:86:97:62
> 	media: Ethernet autoselect (1000baseTX <full-duplex>)
> 	status: active
> em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> 	options=48<VLAN_MTU,POLLING>
> 	inet XXX.XXX.0.XX netmask 0xffffff00 broadcast XXX.XXX.0.XXX
> 	ether 00:30:48:86:97:63
> 	media: Ethernet autoselect (1000baseTX <full-duplex>)
> 	status: active
> pfsync0: flags=0<> mtu 2020
> 	syncpeer: 224.0.0.240 maxupd: 128
> pflog0: flags=0<> mtu 33208
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> 	inet 127.0.0.1 netmask 0xff000000 
> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> 	ether 36:3e:f7:b9:a3:4d
> 	priority 32768 hellotime 2 fwddelay 15 maxage 20
> 	member: em1 flags=3<LEARNING,DISCOVER>
> 	member: em0 flags=3<LEARNING,DISCOVER>

Roger,

I remember a discussion about your machine in stable@ some time ago.

> We have transfered 150GB (+/-)

Using sftp, ftp, http or ...?

Are you by any chance being able to get a photopicture (with fast
shutter time) of the debug messages? Do you have anything in
/var/log/debug.log /var/log/messages which might be useful?

I think we first need an idea of what messages are popping up.

Volker

More information about the freebsd-pf mailing list