NetBSD-Bugs archive


kern/45846: pf(4) re-directs broken

>Number:         45846
>Category:       kern
>Synopsis:       pf(4) re-directs broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 16 20:30:00 +0000 2012
>Originator:     Hauke Fath
>Release:        NetBSD 5.99.60
>Organization:
Falling Raindrops
>Environment:
System: NetBSD pizza.causeuse.org 5.99.60 NetBSD 5.99.60 (PIZZA_UP_PF) #0: Mon Jan 16 14:13:03 CET 2012 hf@Hochstuhl:/var/obj/netbsd-builds/developer/sparc/sys/arch/sparc/compile/PIZZA_UP_PF sparc
Architecture: sparc
Machine: sparc
>Description:

        After upgrading my router from netbsd-4 to HEAD, I found the
        re-directs I had set up for smtp access towards the router's
        sendmail and http access towards the local squid were
        broken. With rules the shape of


pass out proto tcp all modulate state flags S/SA
pass out proto { udp icmp } all keep state

# Redirect all smtp to 130.83.xx.yy to pizza's sendmail
rdr log on $lan_if proto tcp from $lan_if:network to 130.83.0.0/16 port smtp \
        -> 172.16.7.10 port smtp

[...]

pass in log on $lan_if proto tcp from $lan_if:network to 172.16.7.10 \
        port smtp flags S/SA keep state


the incoming connection is logged,

2012-01-16 20:57:04.795504 rule 61/0(match): pass in on hme2: 172.16.8.22.49200 > 172.16.7.10.25: Flags [S], seq 2630112150, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 125415267 ecr 0,sackOK,eol], length 0

then - silence. Eventually, the MUA times out.

Same happens for web access (transparently) re-directed through squid.

>How-To-Repeat:

        Set up a pf(4) based router on a -current machine, add rules
        that re-direct traffic to local daemons. Find they do not work.

>Fix:
        Before NetBSD 6, please, but you guessed that one.

>Unformatted:
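Added diagnostic, not part of the report above: a small parser for pflog lines in the tcpdump format shown in the PR, which pairs each logged SYN with a logged SYN-ACK going back to the same client and reports the connections that were logged and then went silent. It assumes the reply path is also logged (a "log" keyword on the matching "pass out" rule, which the report's rules do not have) and deliberately ignores the server address, since rdr translates it on the way in and back on the way out. The second and third log lines are constructed for the example.

```python
import re

# One pflog record as tcpdump prints it (timestamp, rule, action, direction, 5-tuple, TCP flags).
PFLOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

# Line 1 is the record from the PR; lines 2 and 3 are constructed: a second client whose
# SYN is answered, with the reply logged by a hypothetical "pass out log" rule (rule 7).
SAMPLE_PFLOG = [
    "2012-01-16 20:57:04.795504 rule 61/0(match): pass in on hme2: 172.16.8.22.49200 > "
    "172.16.7.10.25: Flags [S], seq 2630112150, win 65535, options [mss 1460,nop,wscale 3,"
    "nop,nop,TS val 125415267 ecr 0,sackOK,eol], length 0",
    "2012-01-16 20:58:10.000001 rule 61/0(match): pass in on hme2: 172.16.8.23.50001 > "
    "172.16.7.10.25: Flags [S], seq 1, win 65535, length 0",
    "2012-01-16 20:58:10.000400 rule 7/0(match): pass out on hme2: 130.83.1.1.25 > "
    "172.16.8.23.50001: Flags [S.], seq 2, ack 2, win 65535, length 0",
]


def parse_pflog(lines):
    """Parse pflog text lines; lines that do not look like TCP records are skipped."""
    records = []
    for line in lines:
        m = PFLOG_RE.match(line)
        if m:
            rec = m.groupdict()
            for k in ("rule", "sub", "sport", "dport"):
                rec[k] = int(rec[k])
            records.append(rec)
    return records


def unanswered_syns(records):
    """Return (client_ip, client_port, server_port) for SYNs with no logged SYN-ACK back.

    Keys use only the client side plus the server port: the server address differs
    between the inbound (translated) and outbound (untranslated) pflog records.
    """
    syns, answered = {}, set()
    for r in records:
        if r["flags"] == "S":
            syns[(r["src"], r["sport"], r["dport"])] = r
        elif r["flags"] == "S.":
            answered.add((r["dst"], r["dport"], r["sport"]))
    return [key for key in syns if key not in answered]


if __name__ == "__main__":
    for client_ip, client_port, server_port in unanswered_syns(parse_pflog(SAMPLE_PFLOG)):
        print(f"no reply seen for {client_ip}:{client_port} -> port {server_port}")
```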

