Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: scott <8f27e956@...>

To: Camiel Dobbelaar <cd@...>

Cc: <misc@...>

Subject: Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working

Date: Tuesday, December 11, 2007 - 4:59 am

The anchors are in the running rule set, per the man and faq examples,
right in the nat/rdr top-of-the-rule-set section, just not shown in the
(snip) included in the post. If they weren't there the "user proxy"
version of snip wouldn't be working.

Thanks for the link, it *may* be relevant; however, the fact that [pass
quick] "user proxy" works and [pass quick] "tagged <tag>" does not -- in
an otherwise IDENTICAL rule set -- suggests that order (placement with
regard to anchors) is NOT a factor (in my case).

If the anchor's "quick" was in play, then -I would think that- the "user
proxy" version rule would never be a positive factor AND the [pass
quick] "tagged <tag> version would NOT be failing on the final BLOCK ALL
rule. The anchor-quick would have already happened. 

Additionally, the "pfctl -vvvs rules" counters are ZERO for the "tagged
<tag>" version and otherwise correct and incrementing for "user proxy"
version.


-----Original Message-----
From: Camiel Dobbelaar <cd@sentia.nl>
To: S. Scott Sima, CISA, CISM <scott.sima@itcatalyst.ca>
Cc: misc@openbsd.org
Subject: Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working
Date: Tue, 11 Dec 2007 07:31:01 +0100
Mailer: Thunderbird 2.0.0.9 (Windows/20071031)

I don't see the anchors, you need those with tagging too.  Other then
that, it may still not work as expected, see:
http://marc.info/?l=openbsd-misc&m=119729395125104&w=2

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working, S. Scott Sima, CISA, CISM..., (Mon Dec 10, 8:27 pm)

Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working, Camiel Dobbelaar, (Tue Dec 11, 2:31 am)

Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working, S. Scott Sima, CISA, CISM..., (Tue Dec 11, 4:48 am)

Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working, scott, (Tue Dec 11, 4:59 am)


linux-kernel:
Linus Torvalds	Linux 2.6.27-rc8
Greg KH	[patch 00/71] 2.6.26-stable review
Dmitry Torokhov	2.6.27-rc8+ - first impressions
jimmy bahuleyan	Re: Hibernation considerations
git:
Petr Baudis	[FYI][PATCH] Customizing the WinGit installer
Jan Hudec	Re: [PATCH] Move all dashed form git commands to libexecdir
Jay Soffian	Re: [PATCH] gitweb: Support caching projects list
Mark Levedahl	Allowing override of the default "origin" nickname
openbsd-misc:
Richard Stallman	Real men don't attack straw men
Leon Dippenaar	New tcp stack attack
Luca Dell'Oca	Authenticate squid in Active Directory
Todd Pytel	IDE or SCSI virtual disks for VMWare image?
linux-netdev:
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Matthew Dharm	Re: [RFC] Patch to option HSO driver to the kernel
Ingo Molnar	Re: [bug] stuck localhost TCP connections, v2.6.26-rc3+
David Miller	Re: [GIT PULL] [IPV6] COMPAT: Fix SSM applications on 64bit kernels.


usb mic not detected	41 minutes ago	Applications and Utilities
linux-2.6.10	1 hour ago	Linux kernel
How to detect usb device insertioin and removal event ?	4 hours ago	Linux general
Extended configuration Read/Write	5 hours ago	Windows
Add ext2 inode field	15 hours ago	Linux kernel
the kernel how to power off the machine	1 day ago	Linux kernel
struct gendisk via request_queue	1 day ago	Linux kernel
page initialization during kernel initialization	2 days ago	Linux kernel
Read Transport Layer Data form network packets (tcp/ip)	2 days ago	Linux kernel
Getting blinking screen in Fedora 9	3 days ago	Linux general

Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working

Online users