
PF panic on spoofed internal mac

Hey all, love the PF, but this is a first time dump, panic or any
problems at all really.
I use an internal Squid server, transparent, and it works fine on every
other 5.3-RELEASE machine I've done.
The problem at this one location is that there are two NICs, xl0 and xl1.
The $ext_if (xl1) needs a spoofed mac address due to old cable
settings; naturally, xl0 is the int_if.
I run a pretty default setup, but no scrubbing, or other options that
deal with your first 2-3 sections. I do some standard redirects for
various protocols, and block some other ports.
When I enable transparent proxy, with squid that has been built
properly to support it, the first 2-3 hits on a webpage are fine.
After a few proxy attempts that do work, I then get a panic in
pf_socket lookup, at which point the machine will hard lock.
The solution so far, that makes all of the hard locks, and even any
panics, go away is to remove the spoofed mac.
This mac was spoofed using the ifconfig xl0 ether XXX command, before
and after pf modules were loaded, or even enabled.
Any pointers? I am lucky enough to have the cable provider let us keep
the old IP, but with a new mac. Now that I am not spoofing the mac, PF
is running fine and smooth and not a single error at all.
Now my biggest enemy is trying to cache as much of windows update as I can.