NetBSD-Users archive


NPF: newbie experiencing some strange behavior

Hello guys,

I am trying to set up a gateway for a small home network using NetBSD, and after buying and reading "The book of PF (2ed)" I saw a few presentations on NPF and its multi-threaded design and the fact that it will be NetBSD's default firewall, and decided to use that instead of PF.

BTW, is NPF really going to be the only firewall/packet filter supported in future releases?

Currently I have set up a bunch of net services (named, dhcp, nat) and managed to get all necessary NPF modules loaded (npf, npf-log, ...), but I seem to be having some kind of a newbie issue or experiencing some kind of a bug/problem.

Here is a small take out from what is happening:

gkpr# npfctl show
Filtering:      active
Configuration:  loaded

table <1> type hash

group (name "internal_net", interface wm0) {
        block in all
        pass in final from <1>
        pass stateful in final proto tcp to port 40200 apply "log"
        pass out final all

group (default) {
        pass final on lo0 all
        block all
gkpr# npfctl table 1 list
gkpr# host localhost
;; connection timed out; no servers could be reached
gkpr# /etc/rc.d/npf stop
Disabling NPF.
gkpr# host localhost
Using domain server:
Name: localhost
Aliases: has address has address has address mail is handled by 1 mail is handled by 1 mail is handled by 1

I think the 'pass final on lo0 all' should be quick-evaluated (no further rule processing should be done) and connectivity to the local named server should not be an issue... the snippet is straight from the examples.

I tried playing around with different settings in the config, removing stuff and adding stuff to see which might be the offending definition. As my intentions and setup are quite detailed, I simplified to what I think are bare bones, and as soon as I turn NPF on, things don't work network-wise.

Any hints or ideas are welcome!
Thanks in advance.
Kind regards,
