Ok, here is a diff I did on the two different ipfs. The ones with < at the beginning are the rules without keep state after rl0 and the ones with > are what happened after I added keep state to rl0. I don't really see much difference, except that the number of blocked packets is greater for the very last rule, though I expect that that is mostly a function of time, as I had that set of rules running for over an hour. Do you see anything here that might explain my difficulties? I would prefer to know exactly what was going on so that I might be able to troubleshoot further problems on my own with greater success.
Thanks again for your help.

< 0 @1 pass out quick on rl0 all
< 0 @2 pass out quick on lo0 all
---
> 0 @1 pass out quick on rl0 all keep state
> 8 @2 pass out quick on lo0 all
4c4
< 0 @4 pass out quick on vr0 proto udp from any to 64.59.184.13/32 port = domain keep state
---
> 54 @4 pass out quick on vr0 proto udp from any to 64.59.184.13/32 port = domain keep state
6c6
< 0 @6 pass out quick on vr0 proto udp from any to 64.59.184.15/32 port = domain keep state
---
> 14 @6 pass out quick on vr0 proto udp from any to 64.59.184.15/32 port = domain keep state
13c13
< 0 @13 pass out quick on vr0 proto tcp from any to any port = ftp flags S/FSRPAU keep state
---
> 4 @13 pass out quick on vr0 proto tcp from any to any port = ftp flags S/FSRPAU keep state
29,31c29,31
< 0 @29 block out log first quick on vr0 all
< 0 @1 pass in quick on rl0 all
< 0 @2 pass in quick on lo0 all
---
> 120 @29 block out log first quick on vr0 all
> 4922 @1 pass in quick on rl0 all keep state
> 8 @2 pass in quick on lo0 all
35,36c35,36
< 4 @6 pass in quick on vr0 proto tcp from any to 192.168.0.254/32 port = 50505 flags S/FSRPAU keep state
< 3 @7 pass in quick on vr0 proto udp from any to 192.168.0.254/32 port = 50505 keep state
---
> 2328 @6 pass in quick on vr0 proto tcp from any to 192.168.0.254/32 port = 50505 flags S/FSRPAU keep state
> 5605 @7 pass in quick on vr0 proto udp from any to 192.168.0.254/32 port = 50505 keep state
39c39
< 0 @10 block in quick on vr0 from 192.168.0.0/16 to any
---
> 1 @10 block in quick on vr0 from 192.168.0.0/16 to any
53c53
< 0 @24 block in quick on vr0 proto icmp from any to any icmp-type echo
---
> 8 @24 block in quick on vr0 proto icmp from any to any icmp-type echo
55c55
< 0 @26 block in log first quick on vr0 proto tcp/udp from any to any port = netbios-ns
---
> 4 @26 block in log first quick on vr0 proto tcp/udp from any to any port = netbios-ns
57c57
< 0 @28 block in log first quick on vr0 proto tcp/udp from any to any port = netbios-ssn
---
> 45 @28 block in log first quick on vr0 proto tcp/udp from any to any port = netbios-ssn
64c64
< 0 @35 block in log first quick on vr0 all
---
> 1236 @35 block in log first quick on vr0 all
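A small helper, added here and not part of the thread, that does mechanically what the diff above does by hand: it parses two ipfstat -ion style snapshots (the sample lines are constructed, modelled on the counters above) and reports which rules changed text between snapshots and which block rules gained hits, so the counters can be matched against what ipmon logged.

```python
import re

# Constructed snapshots in ipfstat -ion form ("<hits> @<n> <rule text>"),
# modelled on the thread's output before/after adding keep state on rl0.
# Out and in rules are numbered separately, so a rule is keyed by (direction, n).
BEFORE = """\
0 @1 pass out quick on rl0 all
0 @1 pass in quick on rl0 all
4 @6 pass in quick on vr0 proto tcp from any to 192.168.0.254/32 port = 50505 flags S/FSRPAU keep state
0 @35 block in log first quick on vr0 all
"""
AFTER = """\
0 @1 pass out quick on rl0 all keep state
4922 @1 pass in quick on rl0 all keep state
2328 @6 pass in quick on vr0 proto tcp from any to 192.168.0.254/32 port = 50505 flags S/FSRPAU keep state
1236 @35 block in log first quick on vr0 all
"""

RULE_RE = re.compile(r"^\s*(\d+)\s+@(\d+)\s+(\S+)\s+(in|out)\b(.*?)\s*$")

def parse_ipfstat(text):
    """Map (direction, rule number) -> (hit count, rule text) for one snapshot."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line or header, not a rule
        hits, num, action, direction, rest = m.groups()
        rules[(direction, int(num))] = (int(hits), f"{action} {direction}{rest}")
    return rules

def compare_snapshots(before, after):
    """Return (changed, grew): rules whose text differs, rules whose counter rose."""
    old, new = parse_ipfstat(before), parse_ipfstat(after)
    changed, grew = {}, {}
    for key, (hits, text) in new.items():
        if key not in old:
            continue  # rule not present in the earlier snapshot; nothing to compare
        old_hits, old_text = old[key]
        if old_text != text:
            changed[key] = (old_text, text)
        if hits > old_hits:
            grew[key] = (hits - old_hits, text)
    return changed, grew

def blocks_that_grew(grew):
    """Only block rules that gained hits: these are the counters to check against ipmon."""
    return {k: v for k, v in grew.items() if v[1].startswith("block")}

if __name__ == "__main__":
    changed, grew = compare_snapshots(BEFORE, AFTER)
    for (direction, n), (old_text, text) in sorted(changed.items()):
        print(f"@{n} {direction}: text changed: {old_text!r} -> {text!r}")
    for (direction, n), (delta, text) in sorted(blocks_that_grew(grew).items()):
        print(f"@{n} {direction}: +{delta} blocked: {text}")
```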
On 6/9/06, Larry Moore <[EMAIL PROTECTED]> wrote:

----- Original Message -----
From: "Trevor Osatchuk" <[EMAIL PROTECTED]>
To: "Larry Moore" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Saturday, June 10, 2006 12:02 AM
Subject: Re: Problems with Azureus

> Larry,
> I tried all of your suggestions one at a time and all the iterations to
> see what difference they made. The only one that made the difference was
> adding keep state on the pass in/out on rl0, my internal interface. I
> thought that keep state was the way ipf kept track of 'established'
> connections. If a session was started on a particular port, or in this
> case an interface, once it was allowed through keep state would then let
> the session continue with no further checking. Why would it matter if I
> had keep state on rl0 since I am passing everything by default? It
> certainly had made a difference, but why?
>

I suspect it's to do with the compiled-in default operation of "block all".
Not seeing the results of ipfstat -iohn would lead to guessing, though
perhaps you used this command before and after making keep-state rules on
rl0 and observed the changes.

Cheers,
Larry.
