PF stops tmux from working?!
Adam Vande More
amvandemore at gmail.com
Mon Oct 5 21:42:33 UTC 2015
On Mon, Oct 5, 2015 at 4:11 PM, Niklaas Baudet von Gersdorff <
niklaas at kulturflatrate.net> wrote:
> I have a host with several jails on it. The jails have a public IPv6
> assigned to the external interface. Using PF as firewall, I used to
> block all incoming traffic and I initially set
>
> > pass out on $ext_if proto { tcp udp } all
>
> Recently, I changed the settings to also restrict outgoing traffic. E.g.
> there are some jails that are only allowed to send traffic within my
> IPv6 network.
>
> Since I restricted the access, in some jails, I cannot use tmux anymore
> which I don't understand because I wouldn't have thought of a relation
> between a terminal multiplexer and a firewall.
>
> > tmux -vvvvvvvv
>
> created some logfiles that I attached but they don't look promising.
> (The respective tmux-client-19034.log is empty.)
>
> I have read that it's possible to do some debugging with
>
> > truss tmux
>
> which, in fact, turned out some results that might relate the
> dysfunction of tmux to the changes of the firewall. The full file is
> attached, the lines that I assume relevant follow:
>
> > connect(5,{ AF_UNIX "/tmp/tmux-1001/default" },24) ERR#61 'Connection refused'
> > stat("/usr/share/nls/C/libc.cat",0x7fffffffdcd8) ERR#2 'No such file or directory'
> > stat("/usr/share/nls/libc/C",0x7fffffffdcd8) ERR#2 'No such file or directory'
> > stat("/usr/local/share/nls/C/libc.cat",0x7fffffffdcd8) ERR#2 'No such file or directory'
> > stat("/usr/local/share/nls/libc/C",0x7fffffffdcd8) ERR#2 'No such file or directory'
> [...]
> > socket(PF_INET,SOCK_DGRAM,0) ERR#43 'Protocol not supported'
> > poll({4/POLLIN},1,0) = 0 (0x0)
> > fcntl(0,F_GETFL,) = 6 (0x6)
> > fcntl(0,F_SETFL,0x2) = 0 (0x0)
> > process exit, rval = 1
>
> I have no clue what the above lines mean but what made me suspicious is line
>
> > socket(PF_INET,SOCK_DGRAM,0) ERR#43 'Protocol not supported'
>
> because I relate "/PF/_INET" to the /pf/ firewall. Searching for
>
PF_INET != PF. Your issue isn't related to a firewall at all but rather
your previous question.
tmux is attempting to open an IPv4 socket and in your environment it isn't
supported.
--
Adam
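
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small triage of truss output that separates failed calls by what they touch, so a socket() that fails at creation time is not mistaken for packet filtering. The category names and the classify/triage helpers are hypothetical, and the sample trace is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: truss lines quoted in the post above, rejoined where
# the mail client wrapped them.
SAMPLE = """\
connect(5,{ AF_UNIX "/tmp/tmux-1001/default" },24) ERR#61 'Connection refused'
stat("/usr/share/nls/C/libc.cat",0x7fffffffdcd8) ERR#2 'No such file or directory'
socket(PF_INET,SOCK_DGRAM,0) ERR#43 'Protocol not supported'
poll({4/POLLIN},1,0) = 0 (0x0)
process exit, rval = 1
"""

# A failed call in truss output: name(args) ERR#<errno> '<message>'
FAILED = re.compile(r"^(\w+)\((.*)\)\s+ERR#(\d+)\s+'([^']*)'$")

NOTES = {
    "address-family": "socket() itself failed: the protocol family is not "
                      "available to this process, and no packet was ever "
                      "built for a packet filter to inspect",
    "local-socket": "UNIX-domain socket: stays inside the kernel, never "
                    "reaches a network interface",
    "filesystem": "path lookup, unrelated to networking",
    "other": "needs a closer look",
}

def classify(call, args):
    """Hypothetical triage categories, chosen for this example."""
    if call == "socket" and args.split(",")[0].strip().startswith("PF_"):
        return "address-family"
    if "AF_UNIX" in args:
        return "local-socket"
    if call in ("stat", "lstat", "open", "openat", "access"):
        return "filesystem"
    return "other"

def triage(text):
    """Return (call, errno, category) for every failed call in the trace."""
    rows = []
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if m:
            call, args, errno, _msg = m.groups()
            rows.append((call, int(errno), classify(call, args)))
    return rows

if __name__ == "__main__":
    for call, errno, cat in triage(SAMPLE):
        print(f"{call:8} ERR#{errno:<3} {cat}: {NOTES[cat]}")
```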