
Re: Bridged OpenBSD Firewall v3.1 (fwd)



Well, not sure if this may help, but we too have a Bridged OpenBSD Firewall v3.1,
and after installing/rebuilding the kernel with the special patch to fix
the scrub problem we have no problem ...

The one thing I do not understand in this problem is that the Bridge FW
is used to ftp??? Isn't it so that the FW has no live IP??? Ours does
not... at least we have a 3rd interface that is connected to the
internal network (private 10-net)


--- INTERNET ROUTER ----[  Bridged OpenBSD Firewall ] ----- OUR PUBLIC NETWORK
                             |
                             |-------------------- private network


If you look in the archive you will see the URL to the site that explains
the scrub problem and where to get the patch...
I do believe that the problem is fixed in 3.2, BUT there some of the
setup has changed a bit... and also another tip I was told is to control the
'state table' (/sbin/pfctl -m states=xxxx, I have this in /etc/rc.local)

And as for the data that our FW needs to handle ... about 2M-25M hits/day and
we do ftp into the network without problem.. 100MB-1GB files .. no
problem..


still not sure if this may help .. but wanted to tell the OpenBSD ppl
that for us the Bridged OpenBSD Firewall is great! and we are very happy
with it...



> Hey,
> 
> Perhaps this is interesting for the OpenBSD developers. It seems to be a
> bridge problem instead of a PF problem.
> 
> 
> Cheers,
> 
> Dries
> -- 
> Dries Schellekens
> email: gwyllion_(_at_)_ulyssis_(_dot_)_org
> 
> ---------- Forwarded message ----------
> Date: Thu, 10 Oct 2002 09:19:40 -0400
> From: Young K. Park <tallguy_(_at_)_comcast_(_dot_)_net>
> To: 'Dries Schellekens' <gwyllion_(_at_)_ace_(_dot_)_ulyssis_(_dot_)_org>
> Subject: RE: Bridged OpenBSD Firewall v3.1
> 
> First of all, thank you for your response,
> 
> After I sent out the e-mail, I disabled the firewall (pfctl -d) and
> tried to transfer a large file from the FW to another windows machine
> using FTP client.
> 
> The file size is about 86MB and I got the same error message.
> 
> Also, I am not using scrub options in my rule.
> 
> So I am thinking that my problem is not the FW at all.
> 
> Maybe, just enabling bridge causes the problem? Or hardware problem?
> 
> How do I trace the error? I know it's not that easy question.
> 
> I am testing with no pf and no bridge.
> 
> Thank you,
> 
> Young.
> 
> 
> 
> > 3. clean installation from openbsd-current (3.2 beta?) --> crash
> 
> This shouldn't happen. Only recently someone discovered that
> scrub+bridge still crashes on 3.2. This backtrace looked different.
> (http://marc.theaimsgroup.com/?l=openbsd-bugs&m=103407927912368&w=2)
> 
> ---> But, it crashed...hhmm...like what I said above, maybe it's not the
> firewall problem. But I don't know.
> 
> > 4. within the source tree, apply the patch "refrag.diff" to the tree
> > and compiled kernel & binaries --> crash
> 
> Is this 3.1 with refrag.diff? There is no use in applying refrag.diff on
> 3.2 because it is already in 3.2. Normally 3.1+refrag.diff should work.
> 
> --> I don't use scrub rule....should I use it? Hhmm...I applied
> refrag.diff to 3.1 source branch...
> 
> Could you tell me how I get the current source branch? (3.2 -
> current)
> 
> Thank you again,
> 
> Have a great day.
> 
> 
> -----Original Message-----
> From: Dries Schellekens [mailto:gwyllion_(_at_)_ace_(_dot_)_ulyssis_(_dot_)_org]
> Sent: Thursday, October 10, 2002 4:35 AM
> To: Park, Young K
> Cc: misc_(_at_)_openbsd_(_dot_)_org
> Subject: Re: Bridged OpenBSD Firewall v3.1
> 
> On Wed, 9 Oct 2002, Park, Young K wrote:
> 
> > Here are what I did.
> >
> > 1. clean installation from openbsd v3.1 CD. --> crash
> 
> This is expected.
> 
> > 2. download complete source branch via anoncvs server and compiled it
> > --> crash
> 
> The diff to fix the bug was too large to be ported to 3.1. So also logic.
> 
> > 3. clean installation from openbsd-current (3.2 beta?) --> crash
> 
> This shouldn't happen. Only recently someone discovered that
> scrub+bridge still crashes on 3.2. This backtrace looked different.
> (http://marc.theaimsgroup.com/?l=openbsd-bugs&m=103407927912368&w=2)
> 
> > 4. within the source tree, apply the patch "refrag.diff" to the tree
> > and compiled kernel & binaries --> crash
> 
> Is this 3.1 with refrag.diff? There is no use in applying refrag.diff on
> 3.2 because it is already in 3.2. Normally 3.1+refrag.diff should work.
> 
> Can you confirm that disabling scrub in PF fixes the problem?
> 
> 
> Cheers,
> 
> Dries
> -- 
> Dries Schellekens
> email: gwyllion_(_at_)_ulyssis_(_dot_)_org
> 

--- End of gwyllion_(_at_)_ace_(_dot_)_ulyssis_(_dot_)_org's quote ---

-- 
Kind regards,
Luc Suryo