ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT

Louis Mamakos louie at transsys.com
Tue Jun 14 04:03:17 GMT 2005 

The Vonage RT31P2 does not talk H.323, and it's not necessary to do 
anything other than plain vanilla NAT to have it work through a 
firewall.  That is, no port forwarding, no SIP payload re-writing, etc. 
  Just plain vanilla NAT for both the SIP signaling and the RTP payload 
will be all that's necessary.

I use ipfw with my Vonage service, but there's nothing special that I do 
for NAT.  I don't do ipf..

Louis Mamakos


Vladimir Botka wrote:
> Hello,
> if your "Vonage linksys RT31P2" talks H323 try /usr/ports/net/gatekeeper 
> in proxy mode.
> 
> Cheers,
> Vladimir Botka
> 
> On Sun, 12 Jun 2005, Damon Hopkins wrote:
> 
>> I can reproduce this very easily.. I pick up my phone and make a call
>> Current Setup
>> <Cable Modem>---<FreeBSD 5.4 Stable>---<HUB>--<Machines>
>>                                         \------<Vonage Linksys RT31P2>
>>
>> I've tried various nap rules and ipf filter settings.. here are the
>> current mappings and setup.. the kernel is GENERIC w/ the debuggong
>> stuff put in it.
>> ---------------- IPNAT RULES --------------------
>> map vr0 10.69.0.0/24 -> 0/32 proxy port ftp ftp/tcp
>> map vr0 10.69.0.0/24 -> 0/32
>>
>> ----------------- IPF RULES ---------------------
>> pass in quick on lo0 proto tcp from any to any flags S keep state
>> pass in quick on lo0 proto udp from any to any keep state
>> pass in quick on lo0 proto icmp from any to any keep state
>> pass in quick on lo0 all keep state
>> pass out quick on lo0 proto tcp from any to any flags S keep state
>> pass out quick on lo0 proto udp from any to any keep state
>> pass out quick on lo0 proto icmp from any to any keep state
>> pass out quick on lo0 all keep state
>>
>> pass in quick on rl0 proto tcp from any to any flags S keep state
>> pass in log first quick on rl0 proto udp from any to any keep state
>> pass in log first quick on rl0 proto icmp from any to any keep state 
>> keep frags
>> pass in quick on rl0 all keep state
>> pass out quick on rl0 proto tcp from any to any flags S keep state
>> pass out log first quick on rl0 proto udp from any to any keep state
>> pass out log first quick on rl0 proto icmp from any to any keep state
>> keep frags
>> pass out quick on rl0 all keep state
>>
>> pass in quick on vr0 proto tcp from any to any flags S keep state keep 
>> frags
>> pass in quick on vr0 proto udp from any to any keep state keep frags
>> pass in log first quick on vr0 proto icmp from any to any keep state
>> keep frags
>> pass in quick on vr0 all keep state keep frags
>> pass out quick on vr0 proto tcp from any to any flags S keep state keep
>> frags
>> pass out quick on vr0 proto udp from any to any keep state keep frags
>> pass out log first quick on vr0 proto icmp from any to any keep state
>> keep frags
>> pass out quick on vr0 all keep state keep frags
>>
>> pass in quick on ng0 proto tcp from any to any flags S keep state
>> pass in quick on ng0 proto udp from any to any keep state
>> pass in log first quick on ng0 proto icmp from any to any keep state
>> pass in quick on ng0 all keep state
>> pass out quick on ng0 proto tcp from any to any flags S keep state
>> pass out quick on ng0 proto udp from any to any keep state
>> pass out log first quick on ng0 proto icmp from any to any keep state
>> pass out quick on ng0 all keep state
>>
>> <SNIP> MORE ng rules form my other VPNS </SNIP>
>> I've also just tried to pass everything
>> pass in quick on vr0 all
>> pass out quick on vr0 all
>>
>> but that didn't help any
>>
>> I've notices a lot of UDP traffic from the linksys adapter durring a 
>> phone call..
>>
>> Thanks Guys.. I hope this gets fixes real fast cause my old number 
>> goes away in a few days and this is not going to be fun.. I can't put 
>> the linksys adapter in front of the firewall because it doesn't route 
>> my VPN's.. we use MPD and bgpd (zebra)
>>
>>
>> Later,
>> Damon Hopkins
>>
>> ------------- DEBUG OUTPUT ----------------------
>> Fatal trap 12: page fault while in kernel mode
>> fault virtual address    = 0xc
>> fault code        = supervisor read, page not present
>> instruction pointer    = 0x8:0xc0651550
>> stack pointer        = 0x10:0xd3d46aec
>> frame pointer        = 0x10:0xd3d46af8
>> code segment        = base 0x0, limit 0xfffffm type 0x1b
>>             = DPL 0, pres 1, def32 1, gran 1
>> processor eflags    = interrupt enabled, resume, IOPL = 0
>> current process        = 27 (swi1:net)
>> [thread pid 27 tid 100021 ]
>> Stopped at m_copydata+0x28:    movl    0xc(%esi),%eax
>> db> examine
>> m_copydata+0x28:    290c468b
>> db> trace
>> Tracing pid 27 tid 100021 td 0xc15a4180
>> mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28
>> ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1
>> ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f
>> fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c
>> fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a
>> pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb
>> ip_input(c17fa400) at ip_input+0x211
>> netisr_processqueue(c08f9858) at netisr_processqueue+0x9f
>> swi_net(0) at swi_net+0xee
>> ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151
>> fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74
>> fork_trampoline() at fork_trampoline+0x8
>> --- trap 0x1, eip = 0, esp = 0xd3d46d6c, ebp = 0 ---
>>
>> _______________________________________________
>> freebsd-stable at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>>
>>
>>
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>

More information about the freebsd-stable mailing list