Hi, I don't know if I'm hitting a bug or I'm missing something. I'm
using 7.2 (ZEN), enabled passthrough and configured it like this:
[root@srvpf ~]# grep ^passt /usr/local/pf/conf/pf.conf
passthrough=enabled
passthroughs=*.facebook.com,*.fbcdn.net,*.akamaihd.net,portquiz.net:tcp:8080
Notice that the last one has a port defined. Unfortunetely the only
ports opened are 80 and 443:
[root@srvpf ~]# ipset list pfsession_passthrough
Name: pfsession_passthrough
Type: hash:ip,port
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16592
References: 2
Members:
178.33.250.62,tcp:80
178.33.250.62,tcp:443
Where 178.33.250.62 is the ip address of portquiz.net
This is a log snippet of pfdns in TRACE mode
Aug 8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns:
caught SIGTERM - terminating (main::normal_sighandler)
Aug 8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns:
caught SIGTERM - terminating (main::normal_sighandler)
Aug 8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns:
caught SIGTERM - terminating (main::normal_sighandler)
Aug 8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns:
caught SIGTERM - terminating (main::normal_sighandler)
Aug 8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns:
caught SIGTERM - terminating (main::normal_sighandler)
Aug 8 17:04:15 srvpf pfdns: pfdns(3121) INFO: [mac:[undef]] stopping
pfdns (main::END)
Aug 8 17:04:23 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] invalid
IP: from __ANON__ (pf::util::valid_ip)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::SwitchTypesConfigured in
local cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache get
for namespace='configfiles', key='/usr/local/pf/conf/pf.conf',
cache='Redis:l1_cache', time='0ms': MISS (not in cache)
(CHI::Driver::_log_get_result)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache get
for namespace='Default', key='HASH(0x3e4b210)', cache='RawMemory',
time='0ms': MISS (not in cache) (CHI::Driver::_log_get_result)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache set
for namespace='Default',
key='{"encoding":null,"reconnect":"60","server":"127.0.0.1:6379"}',
size=1, expires='never', cache='RawMemory', time='0ms'
(CHI::Driver::_log_set_result)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache get
for namespace='configfiles', key='/usr/local/pf/conf/pf.conf',
cache='Redis', time='3ms': HIT (CHI::Driver::_log_get_result)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache set
for namespace='configfiles', key='/usr/local/pf/conf/pf.conf', size=1,
expires='never', cache='Redis:l1_cache', time='0ms'
(CHI::Driver::_log_set_result)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Network in local
cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Network in local
cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Network in local
cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Network in local
cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Network in local
cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Network in local
cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Network in local
cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:26 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Process
pfdns - 1 handling request for IP : 192.168.112.10 (main::response_handler)
Aug 8 17:04:26 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]]
instantiating new pf::access_filter::dns (pf::access_filter::new)
Aug 8 17:04:26 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Requested
Domain: clients4.google.com (main::regzone)
Aug 8 17:04:26 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key resource::passthroughs in local
cached_hash (pfconfig::cached::is_valid)
Aug 8 17:04:26 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]]
instantiating new pf::access_filter::dns (pf::access_filter::new)
Aug 8 17:04:26 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:26 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Aug 8 17:04:26 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory
configuration is still valid for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
<CUT>
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Process
pfdns - 3 handling request for IP : 192.168.112.10 (main::response_handler)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]]
instantiating new pf::access_filter::dns (pf::access_filter::new)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Requested
Domain: portquiz.net (main::regzone)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache get
for namespace='Default', key='HASH(0x3e4b210)', cache='RawMemory',
time='0ms': MISS (not in cache) (CHI::Driver::_log_get_result)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache set
for namespace='Default',
key='{"encoding":null,"reconnect":"60","server":"127.0.0.1:6379"}',
size=1, expires='never', cache='RawMemory', time='0ms'
(CHI::Driver::_log_set_result)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache get
for namespace='pfdns', key='resolve-A-portquiz.net', cache='Redis',
time='2ms': MISS (not in cache) (CHI::Driver::_log_get_result)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache set
for namespace='pfdns', key='resolve-A-portquiz.net', size=60,
expires='10m', cache='Redis', time='0ms' (CHI::Driver::_log_set_result)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] ipset
process pid : 4642 (pf::ipset_cache::_add_pairs_to_ipset)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache set
for namespace='pfsession_passthrough', key='178.33.250.62,tcp:80',
size=1, expires='never', cache='RawMemory', time='0ms'
(CHI::Driver::_log_set_result)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache set
for namespace='pfsession_passthrough', key='178.33.250.62,tcp:443',
size=1, expires='never', cache='RawMemory', time='0ms'
(CHI::Driver::_log_set_result)
Aug 8 17:04:38 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Response :
$VAR1 = [
'NOERROR',
[
bless( {
'owner' => bless( {
'origin' => bless( {
'label' => [
'portquiz',
'net'
]
},
'Net::DNS::DomainName' ),
'label' => []
}, 'Net::DNS::DomainName1035' ),
'rdlength' => 4,
'ttl' => 600,
'address' => '▒!▒>',
'class' => 1,
'type' => 1
}, 'Net::DNS::RR::A' )
],
[],
[],
{
'aa' => 1
}
];
(main::regzone)
--
Mammoli Cristian
System administrator
T. +39 0731 22911
Via Brodolini 6 | 60035 Jesi (an)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
