FreeBSD 6.1-RELEASE + PF

Hi,

I have problem to set up PIM and IGMP communication with pf
on FreeBSD
6.1-RELEASE. 

# pfctl -s state
self igmp 195.28.109.40 -> 224.0.0.2      
SINGLE:NO_TRAFFIC
self igmp 195.28.109.40 -> 224.0.0.13      
SINGLE:NO_TRAFFIC
self igmp 224.0.0.1 <- 195.28.109.25      
NO_TRAFFIC:SINGLE
self igmp 224.0.0.2 <- 195.28.109.40      
NO_TRAFFIC:SINGLE
self igmp 224.0.0.13 <- 195.28.109.40      
NO_TRAFFIC:SINGLE
self tcp 195.28.109.40:22 -> 195.28.109.37:58349      
ESTABLISHED:ESTABLISHED
self udp 255.255.255.255:8225 <- 195.28.109.29:1025      
NO_TRAFFIC:SINGLE
self pim 195.28.109.40 -> 224.0.0.13      
SINGLE:NO_TRAFFIC
self pim 224.0.0.13 <- 195.28.109.25      
NO_TRAFFIC:SINGLE
self pim 224.0.0.13 <- 195.28.109.40      
NO_TRAFFIC:SINGLE
self pfsync 195.28.109.40 -> 0.0.0.0      
SINGLE:NO_TRAFFIC

xorp immediately starts to give the following message:
[ 2006/06/09 17:13:24 WARNING xorp_fea XrlMfeaTarget ]
Handling method for mfea/0.1/send_protocol_message4 failed:
XrlCmdError 102 Command failed Cannot send PIMSM_4 protocol
message from 195.28.109.40 to 224.0.0.13 on vif em0:
sendmsg(proto 103 size 34 from 195.28.109.40 to 224.0.0.13
on vif em0) failed: Operation not permitted
[ 2006/06/09 17:13:24  ERROR xorp_pimsm4:18051 PIM +2623
xrl_pim_node.cc mfea_client_send_protocol_message_cb ]
Cannot send a protocol message: 102 Command failed Cannot
send PIMSM_4 protocol message from 195.28.109.40 to
224.0.0.13 on vif em0: sendmsg(proto 103 size 34 from
195.28.109.40 to 224.0.0.13 on vif em0) failed: Operation
not permitted

# pfctl -s rules
scrub in all fragment reassemble
block drop in log all
pass in on xl0 inet from <quadia> to 195.28.126.13
keep state
pass out on xl0 inet from 195.28.126.13 to <quadia>
keep state queue dflt
pass out on xl0 inet from 195.28.126.13 to any keep state
queue dflt
pass out on em0 inet all keep state queue dfltem
pass out on em1 inet all keep state queue dfltem1
pass in proto tcp from any to any port = ssh keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to
195.28.109.40 port = 5060 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 port =
8000 to 195.28.109.40 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 port =
8001 to 195.28.109.40 keep state
pass in on em0 inet proto tcp from 195.28.109.36 to
195.28.109.40 port = nut keep state
pass in on em0 inet proto tcp from 195.28.109.37 to
195.28.109.40 port = http keep state
pass in on em0 inet proto tcp from 195.28.109.37 to
195.28.109.40 port = 4445 keep state
pass in on em0 inet proto tcp from 195.28.109.88 to
195.28.109.40 port = http keep state
pass in on em0 inet proto tcp from 195.28.109.88 to
195.28.109.40 port = 4445 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to
195.28.109.40 port 9999:20001 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to
195.28.109.40 port = domain keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to
195.28.109.40 port = 4520 keep state
pass in on em0 inet proto udp from 195.28.109.0/24 to
195.28.109.40 port = 4569 keep state
pass in on em0 all keep state
pass in on em1 all keep state

when I disable the firewall xorp runs as expected. It does
not matter
if I add specific rule for PIM and IGMP or general, i.e. let
all
traffic go through.

Is it a bug in the pf or am I doing something wrong? Any
help appreciated.

Regards,

lk
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"

FreeBSD 6.1-RELEASE + PF

Thread: FreeBSD 6.1-RELEASE + PF