NetBSD-Bugs archive

kern/45846: pf(4) re-directs broken

>Number:         45846
>Category:       kern
>Synopsis:       pf(4) re-directs broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 16 20:30:00 +0000 2012
>Originator:     Hauke Fath
>Release:        NetBSD 5.99.60
Falling Raindrops
System: NetBSD 5.99.60 NetBSD 5.99.60 (PIZZA_UP_PF) #0: Mon Jan 16 14:13:03 CET 2012
Architecture: sparc
Machine: sparc

        After upgrading my router from netbsd-4 to HEAD, I found the
        re-directs I had set up for smtp access towards the router's
        sendmail and http access towards the local squid were
        broken. With rules the shape of

pass out proto tcp all modulate state flags S/SA
pass out proto { udp icmp } all keep state

# Redirect all smtp to 130.83.xx.yy to pizza's sendmail
rdr log on $lan_if proto tcp from $lan_if:network to port smtp \
        -> port smtp


pass in log on $lan_if proto tcp from $lan_if:network to \
        port smtp flags S/SA keep state

the incoming connection is logged,

2012-01-16 20:57:04.795504 rule 61/0(match): pass in on hme2: > Flags [S], seq 2630112150, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 125415267 ecr 0,sackOK,eol], length 0

then - silence. Eventually, the MUA times out.

Same happens for web access (transparently) re-directed through squid.


        Set up a pf(4) based router on a -current machine, add rules
        that re-direct traffic to local daemons. Find they do not work.

        Before NetBSD 6, please, but you guessed that one.

