I'm using an OpenBSD 3.4 firewall for my home LAN and everything less some strange things.

This is my net configuration: here are my two interfaces (fxp1 is the $ext_if interface, it has no address since I modified my router configuration to act as a bridge)

    fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            address: 00:08:c7:05:01:1c
            media: Ethernet autoselect (10baseT)
            status: active
            inet 172.16.1.250 netmask 0xffffff00 broadcast 172.16.1.255
            inet6 fe80::208:c7ff:fe05:11c%fxp0 prefixlen 64 scopeid 0x1
    # ifconfig fxp1
    fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1492
            address: 00:08:c7:b3:fa:00
            media: Ethernet 10baseT
            status: active
            inet6 fe80::208:c7ff:feb3:fa00%fxp1 prefixlen 64 scopeid 0x2

Here's my pf configuration info:

    # grep -i pf /etc/rc.conf
    pf=YES # Packet filter / NAT
    pf_rules=/etc/pf.conf # Packet filter rules file
    pflogd_flags="-s 256 -d10" # add more flags, ie. "-s 256"

and here's my pf.conf

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=> CLIP HERE < =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

    ext_if = "tun0" # replace with actual external interface name i.e., dc0
    int_if = "fxp0" # replace with actual internal interface name i.e., dc1
    internal_net = "172.16.1.0/24"
    myPC = "172.16.1.10"
    eMule_TCP = "{ 4661:4711 }"
    eMule_UDP = "{ 4665:4672 }"

    table <rfc1918> const { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/24, 10.0.0.0/8, 169.254.0.0/16 }

    set loginterface tun0
    set optimization normal
    set block-policy drop
    set fingerprints "/etc/pf.os"

    scrub in all no-df random-id

    rdr on $ext_if proto tcp from any to ($ext_if) port 7777 -> $myPC port 7777
    rdr on $ext_if proto tcp from any to ($ext_if) port 4662 -> $myPC port 4662
    rdr on $ext_if proto udp from any to ($ext_if) port 4672 -> $myPC port 4672

    pass in quick on $int_if from $internal_net to any
    pass out quick on $int_if from any to $internal_net
    pass quick on lo0 all
    antispoof log quick for lo0
    block return out log quick on $ext_if from any to <rfc1918>
    pass out quick on $ext_if proto tcp all flags S/SA modulate state
    pass out quick on $ext_if proto { udp, icmp } all keep state
    block in quick on $ext_if from any to { 255.255.255.255, 224.0.0.0/8, 239.0.0.0/8 }
    block in quick on $ext_if proto { 2, 103 } all
    block return in log quick on $ext_if from <rfc1918> to any
    pass in quick on $ext_if proto tcp from any to $myPC port { 4662, 6699 }
    pass in quick on $ext_if proto tcp from any to $myPC port 7777 keep state
    pass in quick on $ext_if proto udp from any to $myPC port { 4672, 8767 }
    pass out quick on $ext_if proto tcp from $myPC port { 4662, 6699 } to any
    pass out quick on $ext_if proto udp from $myPC port { 4672, 8767 } to any
    pass in log quick on $ext_if inet proto icmp from any to any icmp-type { 3, 8, 11 }
    block in log quick on $ext_if inet proto tcp from any to ($ext_if) port 113
    block log quick all

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=> CLIP HERE < =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The first strange thing is something blocking out my e-mails, e.g.

    4701F886 1785 Tue Apr 6 08:06:53 aaa@bbb.it
    (lost connection with 212.216.176.222[212.216.176.222] while sending end of data -- message may be sent more than once)
    fff@ggg.it

and in pflog0 I'm seeing things such as

    Apr 06 01:08:45.916584 rule 24/0(match): block out on tun0: 172.16.1.10.34177 > 212.216.176.222.25: R 2880:2880(0) ack 1 win 7504 <nop,nop,timestamp 2571593[|tcp]>

And here's my ppp.conf and a sample from my /var/log/ppp

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=> CLIP HERE < =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

    default:
    # set log Phase Chat LCP IPCP CCP tun command
     set log Phase Chat IPCP CCP tun Connect Filter command
    # set log Connect Filter command
    # set device /dev/cua00
    # set speed 921600
    # set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"

    # A PPPoE (PPP over Ethernet) setup may look like this:
    #
    # ppp -ddial -nat pppoe
    # replace the rl1 interface with fxp1
    pppoe:
     set device "!/usr/sbin/pppoe -i fxp1"
    # set mtu max 1492
     set mru max 1492
     set speed sync
     disable acfcomp protocomp
     deny acfcomp
     enable lqr
     accept lqr
     set lqrperiod 60
     set phone 8,35
     enable mssfixup
     set authname "xxxx@uuuu.it"
     set authkey "WWWWW"
     add default HISADDR

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=> CLIP HERE < =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

    Apr 6 20:17:50 smaug ppp[27771]: tun0: IPCP: deflink: RecvConfigAck(67) state = Ack-Sent
    Apr 6 20:17:50 smaug ppp[27771]: tun0: IPCP: IPADDR[6] 82.51.54.46
    Apr 6 20:17:50 smaug ppp[27771]: tun0: IPCP: deflink: State change Ack-Sent --> Opened
    Apr 6 20:17:50 smaug ppp[27771]: tun0: IPCP: deflink: LayerUp.
    Apr 6 20:17:50 smaug ppp[27771]: tun0: IPCP: myaddr 82.51.54.46 hisaddr = 192.168.100.1
    Apr 6 20:17:50 smaug ppp[27771]: tun0: Warning: ff02::%tun0/32: Change route failed: errno: Undefined error: 0
    Apr 6 20:17:50 smaug ppp[27771]: tun0: Phase: deflink: IPV6CP protocol reject closes IPV6CP !
    Apr 6 20:17:53 smaug ppp[27771]: tun0: Phase: deflink: IPV6CP protocol reject closes IPV6CP !
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: read (0): Connection reset by peer
    Apr 6 20:17:55 smaug ppp[27771]: tun0: CCP: deflink: State change Stopped --> Closed
    Apr 6 20:17:55 smaug ppp[27771]: tun0: CCP: deflink: State change Closed --> Initial
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: open -> lcp
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Warning: ff02::%tun0/32: Change route failed: errno: Undefined error: 0
    Apr 6 20:17:55 smaug ppp[27771]: tun0: IPCP: deflink: LayerDown: 82.51.54.46
    Apr 6 20:17:55 smaug ppp[27771]: tun0: IPCP: deflink: State change Opened --> Starting
    Apr 6 20:17:55 smaug ppp[27771]: tun0: IPCP: deflink: LayerFinish.
    Apr 6 20:17:55 smaug ppp[27771]: tun0: IPCP: Connect time: 5 secs: 4097 octets in, 107081 octets out
    Apr 6 20:17:55 smaug ppp[27771]: tun0: IPCP: 1325 packets in, 1495 packets out
    Apr 6 20:17:55 smaug ppp[27771]: tun0: IPCP: total 22235 bytes/sec, peak 19669 bytes/sec on Tue Apr 6 20:17:55 2004
    Apr 6 20:17:55 smaug ppp[27771]: tun0: IPCP: deflink: State change Starting --> Initial
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: bundle: Terminate
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: Disconnected!
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: lcp -> logout
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: Disconnected!
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: logout -> hangup
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: Connect time: 5 secs: 4332 octets in, 107794 octets out
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: 1695 packets in, 1885 packets out
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: total 22425 bytes/sec, peak 18291 bytes/sec on Tue Apr 6 20:17:55 2004
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: HUPing 7861
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: hangup -> opening
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: bundle: Establish
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Phase: deflink: Enter pause (3) for redialing.
    Apr 6 20:17:55 smaug ppp[27771]: tun0: Chat: deflink: Reconnect try 39 of 0
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Chat: deflink: Redial timer expired.
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Phase: deflink: Connected!
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Phase: deflink: opening -> dial
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Phase: deflink: dial -> carrier
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Phase: deflink: carrier -> login
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Phase: deflink: login -> lcp
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Warning: deflink: Reducing configured MRU from 1500 to 1492
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Phase: bundle: Authenticate
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Phase: deflink: his = PAP, mine = none
    Apr 6 20:17:58 smaug ppp[27771]: tun0: Phase: Pap Output: XXXX@YYYY ********
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Phase: Pap Input: SUCCESS ()
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: FSM: Using "deflink" as a transport
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: deflink: State change Initial --> Closed
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: deflink: LayerStart.
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: MPPE: Not usable without CHAP81
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: deflink: SendConfigReq(1) state = Closed
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: DEFLATE[4] win 15
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: PRED1[2]
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: deflink: State change Closed --> Req-Sent
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Phase: deflink: lcp -> open
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Phase: bundle: Network
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: FSM: Using "deflink" as a transport
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: State change Initial --> Closed
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: LayerStart.
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: SendConfigReq(68) state = Closed
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: IPADDR[6] 82.51.54.46
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: State change Closed --> Req-Sent
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: RecvConfigReq(1) state = Req-Sent
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: IPADDR[6] 192.168.100.1
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: SendConfigAck(1) state = Req-Sent
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: IPADDR[6] 192.168.100.1
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: State change Req-Sent --> Ack-Sent
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: deflink: State change Req-Sent --> Stopped
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: RecvConfigRej(68) state = Ack-Sent
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: SendConfigReq(69) state = Ack-Sent
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: IPADDR[6] 82.51.54.46
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Phase: deflink: IPV6CP protocol reject closes IPV6CP !
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: RecvConfigAck(69) state = Ack-Sent
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: IPADDR[6] 82.51.54.46
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: State change Ack-Sent --> Opened
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: LayerUp.
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: myaddr 82.51.54.46 hisaddr = 192.168.100.1
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Warning: ff02::%tun0/32: Change route failed: errno: Undefined error: 0
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Phase: deflink: IPV6CP protocol reject closes IPV6CP !
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Phase: deflink: read (0): Connection reset by peer
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: deflink: State change Stopped --> Closed
    Apr 6 20:17:59 smaug ppp[27771]: tun0: CCP: deflink: State change Closed --> Initial
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Phase: deflink: open -> lcp
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Warning: ff02::%tun0/32: Change route failed: errno: Undefined error: 0
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: LayerDown: 82.51.54.46
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: State change Opened --> Starting
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: LayerFinish.
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: Connect time: 0 secs: 0 octets in, 4364 octets out
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: 1325 packets in, 1498 packets out
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: total 4364 bytes/sec, peak 0 bytes/sec on Tue Apr 6 20:17:59 2004
    Apr 6 20:17:59 smaug ppp[27771]: tun0: IPCP: deflink: State change Starting --> Initial
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Phase: bundle: Terminate
    Apr 6 20:17:59 smaug ppp[27771]: tun0: Phase: deflink: Disconnected!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=> CLIP HERE < =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

And more: when I try to get the news from my news server everything goes OK if I don't have any articles to post in queue, else I surely get a socket error while reading.

There must be something wrong but I really can't see where. How is it that it needs at least 10-15 minutes and a lot of retries to get me online?

Any hint? TIA.

--
Pierluigi De Rosa (thorin@durin.khazad-dum.net).
<< LINUX: the choice of a GNU generation >>
<< For my real address... ask the Balrog. >>
* Support the League for the Suppression of Trolls *