DaemonForums  

Vista network issues behind PF Firewall

Posted by cerulean, 10th November 2008

I have a very straightforward pf config doing NAT for the internal network. Works great with the 30+ WinXP, Win2000 and Linux machines, but recently someone added a Vista machine and it simply doesn't work. Very slow, lots of disconnects, etc. The Vista machine can access internal network resources without issue, which seems to indicate this is not a hardware issue.

Below is my pf.conf file ... I did a search and found one thread on the mailing lists with similar issues, but it didn't seem to resolve the problem (I can't seem to locate the thread this morning). Thanks for any advice (beyond getting rid of Vista).

#############################
# PF Configuration
###############################
ext_if = "vr0"
int_if = "fxp0"

tcp_services = "{ 0, 21, 8234, 22, 2200, 3389, 3388, 8234, 80, 81, 5820, 143, 443, 110, 25, 2500, 587, 993, 45000:50000, 55555 }"
udp_services = "{ 53, 993, 8234 }"

apnic_blocked_services = "{22, 2200, 25, 2500, 587, 20, 21}"

icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }"

table <apnic> { 58.0.0.0/8, 59.0.0.0/8, 60.0.0.0/8, 61.0.0.0/8, 114.0.0.0/8, \
115.0.0.0/8, 116.0.0.0/8, 117.0.0.0/8, 118.0.0.0/8, 119.228.0.0/8, 120.0.0.0/8, \
121.0.0.0/8, 122.0.0.0/8, 123.0.0.0/8, 124.0.0.0/8, 125.0.0.0/8, 126.0.0.0/8, \
169.208.0.0/12, 202.0.0.0/8, 203.0.0.0/8, 210.0.0.0/8, 211.0.0.0/8, 218.0.0.0/8, \
219.0.0.0/8, 220.0.0.0/8, 221.0.0.0/8, 222.0.0.0/8 }

#############################
# PF Options
###############################

set block-policy return
set loginterface $ext_if
set skip on lo
scrub in all

#############################
# PF NAT Configuration
###############################

nat on $ext_if from !($ext_if) to any -> ($ext_if)
nat-anchor "ftp-proxy/*"

rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

#############################
# PF Filter Rules
###############################

# Default Block Status

block in
pass out keep state

anchor "ftp-proxy/*"

antispoof quick for { lo $int_if }

block in quick on $ext_if inet proto tcp from <apnic> to ($ext_if) port $apnic_blocked_services

pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_services keep state

pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if
Tags
disconnect, pf, tcp window scaling, vista, windows
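
Added example, not part of the original post: the thread's tags mention TCP window scaling, and pf can only track scaled windows correctly when a TCP state is created from the connection's initial SYN. The script below lists the pass rules from the posted ruleset that either create state without a `flags` restriction or create no state at all. It assumes a pf release in which `flags S/SA keep state` is not implicit on pass rules (the post does not give the version); `audit`, `logical_lines` and `can_match_tcp` are hypothetical helper names.

```python
import re

# Constructed sample: the filter rules copied from the post above.
SAMPLE_RULES = r'''
block in
pass out keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_services keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if
'''

STATE_RE = re.compile(r'\b(keep|modulate|synproxy)\s+state\b')
PROTO_RE = re.compile(r'\bproto\s+(\{[^}]*\}|\S+)')
# "flags any" places no restriction on TCP flags, so it does not count.
FLAGS_RE = re.compile(r'\bflags\s+(?!any\b)\S')


def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    joined = re.sub(r'\\\n', ' ', text)
    for raw in joined.splitlines():
        line = raw.split('#', 1)[0].strip()
        if line:
            yield line


def can_match_tcp(rule):
    """True when the rule has no proto clause or its proto list names tcp.
    Macros inside a proto clause are not expanded (assumption of this sketch)."""
    m = PROTO_RE.search(rule)
    return m is None or 'tcp' in re.findall(r'[\w-]+', m.group(1))


def audit(text):
    """Return (finding, rule) pairs for pass rules that can match TCP."""
    findings = []
    for rule in logical_lines(text):
        if rule.split()[0] != 'pass' or not can_match_tcp(rule):
            continue
        if not STATE_RE.search(rule):
            # No state here: another rule may create it mid-handshake.
            findings.append(('stateless', rule))
        elif not FLAGS_RE.search(rule):
            # State may be created from a SYN-ACK or later segment.
            findings.append(('state-without-flags', rule))
    return findings


if __name__ == '__main__':
    for kind, rule in audit(SAMPLE_RULES):
        print(f'{kind:20} {rule}')
```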
