Subject: NetBSD 3.0 and problems with ipf and ipnat
To: netbsd_help <netbsd-help@NetBSD.org>
From: Ebuemir <ebuemir@inode.at>
List: netbsd-help
Date: 02/01/2006 14:42:26
Hi List!

I am new to NetBSD and my English is bad.
I have a NetBSD gateway/router for my LAN. My Internet connection is xDSL
from the provider inode.at; I make the connection with PPPoE.
I have a problem when I try to upload/delete a folder on an FTP server: it
doesn't work. After some time, while uploading/deleting the folder, an
error appears: "Time Out", or gftp dies. I tried with OpenBSD 3.8 and there
was no error; it works. The error only occurs when I have folders with
some subfolders and files. When it's just one big file, for example 60 MB,
there is no problem.
Sorry for my English.

Here are my ifconfig.pppoe0, ipnat.conf, and ipf.conf:
First, ifconfig.pppoe0:
===========================================
# Create the device
create
# Bring up the interface used by PPPoE
! /sbin/ifconfig rtk0 up
# We use $int for rtk0
! /sbin/pppoectl -e rtk0 $int
# Configure authentication
! /sbin/pppoectl $int myauthproto=pap 'myauthname=username@home' 'myauthsecret=passwort' hisauthproto=none
0.0.0.0 0.0.0.1 up
# eof
============================================
ipnat.conf
=======================================
# NAT
map pppoe0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map pppoe0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map pppoe0 192.168.1.0/24 -> 0/32
========================================
ipf.conf
==============================================
# Broken or dangerous packets are blocked
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
block in log quick from any to any with frag
block in log quick from any to any with opt lsrr
block in log quick from any to any with opt ssrr

# Loopback is allowed
pass out quick on lo0 from any to any
pass in  quick on lo0 from any to any

# Local network is allowed
pass out quick on rtk0 from any to any
pass in  quick on rtk0 from any to any
pass out quick on sk0 from any to any
pass in quick on sk0 from any to any
# We keep state for all connections from inside to outside
pass out quick on pppoe0 proto tcp from any to any flags S keep state keep frags
pass out quick on pppoe0 proto udp from any to any keep state keep frags
pass out quick on pppoe0 proto icmp from any to any keep state keep frags

# Spoofed or implausible packets are not let in
block in log body quick on pppoe0 from 192.168.0.0/16 to any
block in log body quick on pppoe0 from 172.16.0.0/12 to any
block in log body quick on pppoe0 from 10.0.0.0/8 to any
block in log body quick on pppoe0 from 127.0.0.0/8 to any
block in log body quick on pppoe0 from 0.0.0.0/8 to any
block in log body quick on pppoe0 from 169.254.0.0/16 to any
block in log body quick on pppoe0 from 192.0.2.0/24 to any
block in log body quick on pppoe0 from 204.152.64.0/23 to any
block in log body quick on pppoe0 from 224.0.0.0/3 to any

block out log body quick on pppoe0 from any to 192.168.0.0/16
block out log body quick on pppoe0 from any to 172.16.0.0/12
block out log body quick on pppoe0 from any to 10.0.0.0/8
block out log body quick on pppoe0 from any to 127.0.0.0/8
block out log body quick on pppoe0 from any to 0.0.0.0/8
block out log body quick on pppoe0 from any to 169.254.0.0/16
block out log body quick on pppoe0 from any to 192.0.2.0/24
block out log body quick on pppoe0 from any to 204.152.64.0/23
block out log body quick on pppoe0 from any to 224.0.0.0/3

# Allow ping, ident and ssh from outside
#
# ping
pass in log quick on pppoe0 proto icmp from any to any icmp-type echo keep state
# ssh
pass in log quick on pppoe0 proto tcp from any to any port = 26 flags S keep state keep frags
#          22 flags S keep state keep frags
pass in log quick on pppoe0 proto tcp from any to any port 49160:49300 flags S keep state keep frags
# auth/ident
#pass in log quick on pppoe0 proto tcp from any to any port =
#          113 flags S keep state keep frags

# All other blocked packets are logged (ipflog)
block in log quick from any to any
block out log quick from any to any
==================================

Thanks for your help