No pf....route exists - BSD



Thread: No pf....route exists

  1. No pf....route exists

    Cannot get the configs just right. Any pointers from the more senior
    users here? It looks like I have a route set and pfctl should invoke
    the firewall rules to be read, but it's a no-go.


    A few points:
    - using a standalone host
    - a route has been set within the system according to the route command
    - I am connecting to the Internet with no firewall at this time...once
    pfctl invokes pf.conf "pfctl -e -f /etc/pf.conf" no packets route.
    - tcpdump is not collecting any data regarding the tun0 interface.


    A lease did not get set in...
    /var/db/dhclient.leases.em0


    Can anyone direct me to documentation that is more thorough than one
    finds in man regarding ifconfig and route? I'm a newbie here and need
    a bit of direction.

    The quad octets revealed in the following all differ: 69.209.aaa.aaa,
    69.209.bbb.bbb, adsl-69-209-ccc.ccc, adsl-69-209-ddd.ddd



    carbon# route show
    Routing tables

    Internet:
    Destination          Gateway              Flags  Refs  Use   Mtu    Interface
    default              link#1               UC     0     0     -      em0
    default              adsl-69-209-ccc.ccc  UGS    0     3196  -      tun0
    adsl-69-209-ccc.ccc  adsl-69-209-ddd.ddd  UH     0     4     1492   tun0

    Internet6:
    Destination          Gateway              Flags  Refs  Use   Mtu    Interface
    localhost            localhost            UH     0     0     33224  lo0
    fe80::%em0/64        link#1               UC     0     0     -      em0
    fe80::%lo0/64        fe80::1%lo0          U      0     0     -      lo0
    ff01::/32            localhost            UC     0     0     -      lo0
    ff02::%em0/32        link#1               UC     0     0     -      em0
    ff02::%lo0/32        localhost            UC     0     0     -      lo0
    ff02::%tun0/32       link#7               UC     0     0     1492   tun0


    /var/log/ppp.log is obviously a mess, but all of the texts that I have
    direct me to the setup that I currently have.

    May 23 14:38:49 carbon ppp[30543]: tun0: IPCP: deflink: RecvConfigAck(3) state = Ack-Sent
    May 23 14:38:49 carbon ppp[30543]: tun0: IPCP: IPADDR[6] 69.209.aaa.aaa
    May 23 14:38:49 carbon ppp[30543]: tun0: IPCP: PRIDNS[6] 206.141.192.60
    May 23 14:38:49 carbon ppp[30543]: tun0: IPCP: SECDNS[6] 206.141.193.55
    May 23 14:38:49 carbon ppp[30543]: tun0: IPCP: deflink: State change Ack-Sent --> Opened
    May 23 14:38:49 carbon ppp[30543]: tun0: IPCP: deflink: LayerUp.
    May 23 14:38:49 carbon ppp[30543]: tun0: IPCP: myaddr 69.209.aaa.aaa hisaddr = 69.209.bbb.bbb
    May 23 14:38:49 carbon ppp[30543]: tun0: Warning: /etc/ppp/ppp.linkup: ! sh -c "/sbin/pfctl -e -f /etc/pf.conf": Invalid command
    May 23 14:38:49 carbon ppp[30543]: tun0: Warning: /etc/ppp/ppp.linkup: ! sh -c "/sbin/ifconfig pflog0 up": Invalid command
    May 23 14:38:49 carbon ppp[30543]: tun0: Warning: /etc/ppp/ppp.linkup: ! sh -c "/sbin/pflogd -d 5 -f /var/log/pflog": Invalid command
    May 23 14:38:49 carbon ppp[30543]: tun0: Warning: /etc/ppp/ppp.linkup: ! sh -c "/sbin/pfctl -e -f /etc/pf.conf": Invalid command
    May 23 14:38:49 carbon ppp[30543]: tun0: Warning: /etc/ppp/ppp.linkup: ! sh -c "/sbin/ifconfig pflog0 up": Invalid command
    May 23 14:38:49 carbon ppp[30543]: tun0: Warning: /etc/ppp/ppp.linkup: ! sh -c "/sbin/pflogd -d 5 -f /var/log/pflog": Invalid command
    May 23 14:38:49 carbon ppp[30543]: tun0: Warning: 0.0.0.0/0: Change route failed: errno: No such process


    In /etc/rc.local, ... should I have used "/sbin/route add! default
    HISADDR"?

    /sbin/ifconfig em0 inet up
    /sbin/ifconfig lo0 localhost up
    /sbin/route -v flush
    /sbin/route add default HISADDR
    /usr/sbin/ppp -ddial pppoe


    Modifications to /etc/ppp.linkup
    MYADDR:
    ! sh -c "/sbin/pfctl -e -f /etc/pf.conf"
    ! sh -c "/sbin/ifconfig pflog0 up"
    ! sh -c "/sbin/pflogd -d 5 -f /var/log/pflog"


  2. Re: No pf....route exists

    "Inquiry" writes:

    > - using a standalone host
    > - a route has been set within the system according to the route command
    > - I am connecting to the Internet with no firewall at this time...once
    > pfctl invokes pf.conf "pfctl -e -f /etc/pf.conf" no packets route.


    It looks to me like you are making things overly complicated. (One of
    the errors is very easy to explain btw - the _ppp user does not have the
    privileges to run the pfctl command.)

    For one thing, why is it useful to enable or disable pf? pf does not
    consume a lot of resources, and compensating for dynamically assigned IP
    addresses does not take major magic.

    If you are able to connect to the internet without pf, I'd say you have
    a reasonable starting point. Go back to the last working setup (the
    last one which connected cleanly), strip away anything you're not
    positive you need, such as the route commands in rc.local. ppp is pretty
    good at setting sensible default routes, and IIRC the default HISADDR
    etc belongs strictly in the ppp config files, so you may be setting
    yourself up with a default route going essentially nowhere with your
    rc.local. Take it from there, create a nice rule set which does its
    filtering on the tun0 device.

    It's possible my evolving pf tutorial at http://www.bgnett.no/~peter/pf/
    is useful.

    --
    Peter N. M. Hansteen, member of the first RFC 1149 implementation team
    http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
    "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
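    A rule set of the kind Peter describes, filtering on tun0 and tolerating the
    changing PPPoE address, as an added example; it is not from the thread, not
    from Peter's tutorial, and not the poster's configuration. It assumes
    OpenBSD pf, that tun0 is the host's only external interface, and that the
    host offers no services to the Internet (the commented-out ssh rule shows
    how one would be admitted):

```pf
# Added example, not from the thread: a minimal stateful pf.conf for a
# stand-alone host whose uplink is the ppp(8) tunnel interface tun0.
# No fixed IP address appears anywhere. Rules bind to the interface name,
# and ($ext_if) in parentheses tells pf to look up the interface's current
# address on every packet, so the dynamically assigned PPPoE address needs
# neither a reload nor any pfctl call from ppp.linkup.

ext_if = "tun0"

# Loopback carries no untrusted traffic; leave it unfiltered.
set skip on lo

# Default deny in both directions on the uplink. "log" sends the dropped
# packets to pflog0, where "tcpdump -n -e -ttt -i pflog0" shows them.
block in log on $ext_if all
block out log on $ext_if all

# The host's own outbound connections. "keep state" records each flow so
# the replies are matched by the state table, not by any "pass in" rule.
# flags S/SA: only a plain SYN may create TCP state.
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } from ($ext_if) to any keep state

# To expose one service later, admit it explicitly; everything else
# still hits the default deny above.
# pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state
```

    Check the syntax with "pfctl -nf /etc/pf.conf" before loading it with
    "pfctl -f /etc/pf.conf". On OpenBSD pf and pflogd are enabled at boot
    from rc (pf=YES in /etc/rc.conf.local), which removes the need for any of
    the "!" commands in ppp.linkup; as Peter notes, those run as the
    unprivileged _ppp user, which is why the log reports them as "Invalid
    command". The default route likewise belongs in /etc/ppp/ppp.conf as
    "add default HISADDR" under the pppoe label, not in rc.local, so that ppp
    installs it once the peer address is known.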

  3. Re: No pf....route exists

    Thank you for the response. I'll get on to it tonight.

    Several weeks ago I looked through the documents at
    http://www.blug.linux.no/rfc1149/; it looks like it was a lot of fun! Glad
    to have received a response from you.


    Thanks,
    Tommy


    Peter N. M. Hansteen wrote:
    > "Inquiry" writes:
    >
    > > - using a standalone host
    > > - a route has been set within the system according to the route command
    > > - I am connecting to the Internet with no firewall at this time...once
    > > pfctl invokes pf.conf "pfctl -e -f /etc/pf.conf" no packets route.

    >
    > It looks to me like you are making things overly complicated. (One of
    > the errors is very easy to explain btw - the _ppp user does not have the
    > privileges to run the pfctl command.)
    >
    > For one thing, why is it useful to enable or disable pf? pf does not
    > consume a lot of resources, and compensating for dynamically assigned IP
    > addresses does not take major magic.
    >
    > If you are able to connect to the internet without pf, I'd say you have
    > a reasonable starting point. Go back to the last working setup (the
    > last one which connected cleanly), strip away anything you're not
    > positive you need, such as the route commands in rc.local. ppp is pretty
    > good at setting sensible default routes, and IIRC the default HISADDR
    > etc belongs strictly in the ppp config files, so you may be setting
    > yourself up with a default route going essentially nowhere with your
    > rc.local. Take it from there, create a nice rule set which does its
    > filtering on the tun0 device.
    >
    > It's possible my evolving pf tutorial at http://www.bgnett.no/~peter/pf/
    > is useful.
    >
    > --
    > Peter N. M. Hansteen, member of the first RFC 1149 implementation team
    > http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
    > "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"



  4. Re: No pf....route exists

    "Inquiry" writes:

    > Several weeks ago I looked through the documents at
    > http://www.blug.linux.no/rfc1149/ looks like it was a lot of fun!


    Oh, yes, it was good fun. I still have the machine that was pinged by
    carrier pigeon, BTW. A 2000 model, it's not in active daily use, but
    will serve as a kind of test bench for simple experiments.

    --
    Peter N. M. Hansteen, member of the first RFC 1149 implementation team
    http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
    "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
