NetBSD Problem Report #45846
From hauke@Espresso.Rhein-Neckar.DE Mon Jan 16 20:29:55 2012
Return-Path: <hauke@Espresso.Rhein-Neckar.DE>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id B0C2C63B84C
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 16 Jan 2012 20:29:55 +0000 (UTC)
Message-Id: <201201162022.q0GKMnFB000692@pizza.causeuse.org>
Date: Mon, 16 Jan 2012 21:22:49 +0100 (CET)
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
Reply-To: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
To: gnats-bugs@gnats.NetBSD.org
Cc: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
Subject: pf(4) re-directs broken
X-Send-Pr-Version: 3.95
>Number: 45846
>Category: kern
>Synopsis: pf(4) re-directs broken
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jan 16 20:30:00 +0000 2012
>Originator: Hauke Fath
>Release: NetBSD 5.99.60
>Organization:
Falling Raindrops
>Environment:
System: NetBSD pizza.causeuse.org 5.99.60 NetBSD 5.99.60 (PIZZA_UP_PF) #0: Mon Jan 16 14:13:03 CET 2012 hf@Hochstuhl:/var/obj/netbsd-builds/developer/sparc/sys/arch/sparc/compile/PIZZA_UP_PF sparc
Architecture: sparc
Machine: sparc
>Description:
After upgrading my router from netbsd-4 to HEAD, I found the
re-directs I had set up for smtp access towards the router's
sendmail and http access towards the local squid were
broken. With rules the shape of

    pass out proto tcp all modulate state flags S/SA
    pass out proto { udp icmp } all keep state
    # Redirect all smtp to 130.83.xx.yy to pizza's sendmail
    rdr log on $lan_if proto tcp from $lan_if:network to 130.83.0.0/16 port smtp \
        -> 172.16.7.10 port smtp
    [...]
    pass in log on $lan_if proto tcp from $lan_if:network to 172.16.7.10 \
        port smtp flags S/SA keep state

the incoming connection is logged,

    2012-01-16 20:57:04.795504 rule 61/0(match): pass in on hme2: 172.16.8.22.49200 > 172.16.7.10.25: Flags [S], seq 2630112150, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 125415267 ecr 0,sackOK,eol], length 0

then - silence. Eventually, the MUA times out.
Same happens for web access (transparently) re-directed through squid.
>How-To-Repeat:
Set up a pf(4) based router on a -current machine, add rules
that re-direct traffic to local daemons. Find they do not work.
>Fix:
Before NetBSD 6, please, but you guessed that one.
>Unformatted: