PF Wrong interface FreeBSD 10.3-STABLE

Willsz.net willsznet at gmail.com
Sat Jul 8 08:20:21 UTC 2017


Hi,

Last night I try to upgrade from FreeBSD 9.3-STABLE to FreeBSD 10.3-STABLE.
Overall setup already success, but I got some PF Bug.

root:~# uname -a
FreeBSD ip.gw-core-rtr.willsz.net 10.3-STABLE FreeBSD 10.3-STABLE #0
r320796: Sat Jul  8 11:38:29 WIB 2017
root at ip.gw-core-rtr.willsz.net:/usr/obj/usr/src/sys/ROUTER  i386

root:~# ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
 
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LI
NKSTATE>
        ether 00:e0:4c:49:00:d4
        hwaddr 00:e0:4c:49:00:d4
        inet 192.168.100.254 netmask 0xffffff00 broadcast 192.168.100.255
        inet 192.168.100.150 netmask 0xffffffff broadcast 192.168.100.150
        inet 192.168.100.200 netmask 0xffffffff broadcast 192.168.100.200
        inet 192.168.100.250 netmask 0xffffffff broadcast 192.168.100.250
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2008<VLAN_MTU,WOL_MAGIC>
        ether 00:24:01:d1:58:b4
        hwaddr 00:24:01:d1:58:b4
        inet 10.0.0.2 netmask 0xfffffffc broadcast 10.0.0.3
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33184
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xffffffff

Many droping packet in log:

1499501427.397500 rule 2/0(match): block in on lo0: 23.41.75.27.80 >
192.168.100.8.3443: Flags [R.], seq 0, ack 1, win 0, length 0
1499501427.598498 rule 2/0(match): block in on lo0: 23.41.75.27.80 >
192.168.100.8.3444: Flags [R.], seq 0, ack 1, win 0, length 0
1499501428.201500 rule 2/0(match): block in on lo0: 23.41.75.27.80 >
192.168.100.8.3430: Flags [R.], seq 0, ack 1, win 0, length 0
1499501428.362969 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 44
1499501428.399498 rule 2/0(match): block in on lo0: 74.125.68.101.80 >
192.168.100.25.49880: Flags [R.], seq 0, ack 1924445737, win 0, length 0
1499501428.677982 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 52
1499501430.045735 rule 2/0(match): block in on rl0: 114.125.217.176.14228 >
10.0.0.2.53618: UDP, length 49
1499501430.172501 rule 2/0(match): block in on lo0: 205.185.216.10.80 >
192.168.100.23.49684: Flags [R.], seq 0, ack 48800057, win 0, length 0
1499501430.694302 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 272
1499501430.697938 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 48
1499501431.026500 rule 2/0(match): block in on lo0: 74.125.68.101.80 >
192.168.100.26.51118: Flags [R.], seq 0, ack 832030607, win 0, length 0
1499501431.151498 rule 2/0(match): block in on lo0: 118.97.159.25.80 >
192.168.100.100.51145: Flags [R.], seq 0, ack 4182363522, win 0, length 0
1499501431.399499 rule 2/0(match): block in on lo0: 74.125.68.101.80 >
192.168.100.25.49880: Flags [R.], seq 0, ack 1, win 0, length 0
1499501431.715840 rule 2/0(match): block in on rl0: 114.125.217.176.14228 >
10.0.0.2.53618: UDP, length 269
1499501431.726029 rule 2/0(match): block in on rl0: 114.125.217.176.14228 >
10.0.0.2.53618: UDP, length 45
1499501432.685388 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 52
1499501433.175501 rule 2/0(match): block in on lo0: 205.185.216.10.80 >
192.168.100.23.49684: Flags [R.], seq 0, ack 1, win 0, length 0
1499501433.787500 rule 2/0(match): block in on lo0: 118.97.159.25.80 >
192.168.100.26.51119: Flags [R.], seq 0, ack 2237026976, win 0, length 0
1499501434.078498 rule 2/0(match): block in on lo0: 74.125.68.101.80 >
192.168.100.26.51118: Flags [R.], seq 0, ack 1, win 0, length 0
1499501434.151497 rule 2/0(match): block in on lo0: 118.97.159.25.80 >
192.168.100.100.51145: Flags [R.], seq 0, ack 1, win 0, length 0
1499501434.476170 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 44
1499501434.567713 rule 2/0(match): block in on rl0: 114.125.217.176.14228 >
10.0.0.2.53618: UDP, length 49
1499501435.167236 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 44
1499501435.252499 rule 2/0(match): block in on lo0: 23.41.75.27.80 >
192.168.100.8.3460: Flags [R.], seq 0, ack 1526731597, win 0, length 0
1499501435.554502 rule 2/0(match): block in on lo0: 23.41.75.27.80 >
192.168.100.8.3461: Flags [R.], seq 0, ack 1099638812, win 0, length 0
1499501435.682249 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 44
1499501435.698473 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 272
1499501435.702151 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 48
1499501436.182504 rule 2/0(match): block in on lo0: 172.217.24.110.80 >
192.168.100.2.1598: Flags [R.], seq 0, ack 2746158442, win 0, length 0
1499501436.213500 rule 2/0(match): block in on lo0: 74.125.68.102.80 >
192.168.100.24.49494: Flags [R.], seq 0, ack 2167282913, win 0, length 0
1499501436.334497 rule 2/0(match): block in on lo0: 172.217.24.110.80 >
192.168.100.2.1599: Flags [R.], seq 0, ack 2689718291, win 0, length 0
1499501436.334499 rule 2/0(match): block in on lo0: 172.217.24.110.80 >
192.168.100.2.1600: Flags [R.], seq 0, ack 972241888, win 0, length 0
1499501436.630510 rule 2/0(match): block in on lo0: 172.217.24.110.80 >
192.168.100.2.1601: Flags [R.], seq 0, ack 2544069355, win 0, length 0
1499501436.688502 rule 2/0(match): block in on re0: 192.168.100.24.14033 >
114.125.217.176.14228: UDP, length 52
1499501436.752081 rule 2/0(match): block in on rl0: 114.125.217.176.14228 >
10.0.0.2.53618: UDP, length 269
1499501436.767871 rule 2/0(match): block in on rl0: 114.125.217.176.14228 >
10.0.0.2.53618: UDP, length 45
1499501436.877498 rule 2/0(match): block in on lo0: 118.97.159.25.80 >
192.168.100.26.51119: Flags [R.], seq 0, ack 1, win 0, length 0
1499501437.399498 rule 2/0(match): block in on lo0: 74.125.68.101.80 >
192.168.100.25.49880: Flags [R.], seq 0, ack 1, win 0, length 0
1499501438.023504 rule 2/0(match): block in on lo0: 172.217.24.110.80 >
192.168.100.2.1602: Flags [R.], seq 0, ack 936358664, win 0, length 0
1499501438.258498 rule 2/0(match): block in on lo0: 23.41.75.27.80 >
192.168.100.8.3460: Flags [R.], seq 0, ack 1, win 0, length 0
1499501438.288500 rule 2/0(match): block in on lo0: 172.217.24.110.80 >
192.168.100.2.1603: Flags [R.], seq 0, ack 3856649628, win 0, length 0
1499501438.545792 rule 2/0(match): block in on rl0: 114.125.217.176.14228 >
10.0.0.2.53618: UDP, length 49
1499501438.560501 rule 2/0(match): block in on lo0: 23.41.75.27.80 >
192.168.100.8.3461: Flags [R.], seq 0, ack 1, win 0, length 0
1499501439.105498 rule 2/0(match): block in on lo0: 172.217.24.110.80 >
192.168.100.2.1598: Flags [R.], seq 0, ack 1, win 0, length 0

This's weired with loopback interface with public IPADDR. pf.conf already
import from 9.3-STABLE with no problem in last 4 years ago.

Anyone got same problem? Any suggestion for this issue?

Thank You  


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus



More information about the freebsd-questions mailing list