I am new to FreeBSD, and UNIX in general but form the beginning I'm
fascinated. I had configured a FreeBSD 5.3 machine to be the
Firewall/gateway of 8 windows PC's. The machine has 2 interfaces one
(fxp0) is connected to the ADSL modem and the another (rl0) is
connected to a switch where the windows boxes are connected too. The
first problem is that sometimes, when ppp redial to the pppoe Internet
provider, I can use Internet from the FreeBSD machine, but not from
the internal network. I had found a workaround to this problem, I added
these lines to ppp.linkup
--------------------------------
server:~ $ cat /etc/ppp/ppp.linkup
default:
! pfctl -F all -f /etc/pf.conf
! /usr/local/etc/ez-ipupdate.conf
---------------------------------
Because after a connection drop and reconnect, sometimes the nat stop
working and refreshing the pf rules makes the nat to work again. But this
happens only sometimes.
The oder problem that I can't solve is the following:
In the FreeBSD manual states that one must use router_enable="NO" in
rc.conf, to avoid routed to delete the routes added by ppp. If I do
this, I can't have access to the box from the Internet by means of ssh.
For reference I added the content of the floowing files:
/etc/rc.conf
/etc/start_if.tun0
/etc/ppp/ppp.conf
/etc/pf.conf
/root/kernels/GENERICconALTQ # the kernel config file
demesg
Thank you very much!!!
-------------------------------------------------
server:~ $ cat /etc/rc.conf
# -- sysinstall generated deltas -- # Sun Nov 21 13:07:41 2004
# Created: Sun Nov 21 13:07:41 2004
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="server.estudio"
ifconfig_rl0="inet 192.168.2.1 netmask 255.255.255.0"
netd_enable="YES"
saver="dragon"
scrnmap="NO"
sshd_enable="YES"
sshd_flags="-4 -p 222"
usbd_enable="YES"
network_interfaces="lo0 tun0 rl0"
ifconfig_tun0#router_enable="NO"
router_enable="YES"
gateway_enable="YES" # Set to YES if this host will be a
gateway
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl startup
#pflog_enable="YES" # start pflogd(8)
#pflog_logfile="/var/log/pflog" # where pflogd should store the
logfile
#pflog_flags="" # additional flags for pflogd startup
inetd_enable="YES" # Run the network daemon dispatcher
(YES/NO).
inetd_program="/usr/sbin/inetd" # path to inetd, if you want a
different one.
inetd_flags="-wW -C 60" # Optional flags to inetd
#nmbd_enable="YES"
#smbd_enable="YES"
#winbindd_enable="YES"
named_enable="YES" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # path to named, if you want a
different one.
named_flags="-u bind" # Flags for named
named_pidfile="/var/run/named/pid" # Must set this in named.conf as
well
named_chrootdir="/var/named" # Chroot directory (or ""
not to auto-chroot it)
named_chroot_autoupdate="YES" # Automatically install/update
chrooted
# components of named. See /etc/rc.d/named.
named_symlink_enable="YES" # Symlink the chrooted pid file
---------------------------------------------------------------
server:~ $ uname -a
FreeBSD server.estudio 5.3-RELEASE-p1 FreeBSD 5.3-RELEASE-p1 #1: Tue
Nov 23 02:13:24 ART 2004
root@server.estudio:/usr/obj/usr/src/sys/GENERICconALTQ i386
------------------------------------------------------------------------
server:~ $ cat /etc/start_if.tun0
ppp -ddial default && /usr/local/etc/ez-ipupdate.conf
-------------------------------------------------------------------
server:~ $ sudo cat /etc/ppp/ppp.conf
default:
set log Phase Chat IPCP CCP tun command
# set log Phase Chat LCP IPCP CCP tun command
# nat enable yes
# nat same_ports yes
# nat use_sockets yes
set device PPPoE:fxp0 # replace fxp0 with your Ethernet device
set mtu 1492
set mru 1492
enable mssfixup
set speed sync
disable acfcomp protocomp
deny acfcomp
set authname xxxxxx
set authkey yyyyyy
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255
add default HISADDR
# enable lqr
disable ipv6cp
# set lqrperiod 25
enable dns
--------------------------------------------------------------------
server:~ $ cat /etc/pf.conf
###### Macros
NoRoute = "{ 127.0.0.1/8, 172.16.0.0/12, 10.0.0.0/8, 255.255.255.255/32
}"
###### Tables
######### Options
#set optimization aggressive
set debug loud
######### Normalization
#scrub in on tun0 all random-id no-df
scrub in on tun0 all
######### Queueing
altq on tun0 priq bandwidth 100Kb queue { q_pri, q_def, q_med }
queue q_pri priority 7
queue q_med priority 3
queue q_def priority 1 priq(default)
###### nat
# General:
nat on tun0 from 192.168.2.0/24 to any - (tun0)
rdr on rl0 proto udp from any to 192.168.2.1/32 port 53 - 200.42.0.109 port 53
# FTP y HTTP Server on the internal network:
#rdr on tun0 proto tcp from any to (tun0)/32 port 21 - 192.168.2.33 port 21
#rdr on tun0 proto tcp from any to (tun0)/32 port 80 - 192.168.2.33 port 80
# ftp-proxy
rdr on rl0 proto tcp from any to any port 21 - 127.0.0.1 port 8021
# VNC:
rdr on tun0 proto { tcp, udp } from any to (tun0)/32 port 5900 -
192.168.2.2 port 5900
rdr on tun0 proto { tcp, udp } from any to (tun0)/32 port 5800 -
192.168.2.2 port 5800
rdr on tun0 proto { tcp, udp } from any to (tun0)/32 port 5902 -
192.168.2.2 port 5900
rdr on tun0 proto { tcp, udp } from any to (tun0)/32 port 5903 -
192.168.2.3 port 5900
rdr on tun0 proto { tcp, udp } from any to (tun0)/32 port 5904 -
192.168.2.4 port 5900
rdr on tun0 proto { tcp, udp } from any to (tun0)/32 port 5905 -
192.168.2.5 port 5900
rdr on tun0 proto { tcp, udp } from any to (tun0)/32 port 5906 -
192.168.2.6 port 5900
rdr on tun0 proto { tcp, udp } from any to (tun0)/32 port 5907 -
192.168.2.7 port 5900
# Bit Torrent
rdr on tun0 proto tcp from any to (tun0)/32 port 6881:6999 -
192.168.2.39 port 6881:*
# MSN
rdr on tun0 proto { tcp, udp } from any to (tun0)/32 port 6891:6900 -
192.168.2.2 port 6891:*
####### Firewall rules
#pass in quick on tun0 all
# Antispoofing
block in log quick on tun0 inet from $NoRoute to any
block in log quick on tun0 inet from any to $NoRoute
# Block nmap scan
block in log quick on tun0 inet proto tcp from any to any flags FUP/FUP
block in log quick on tun0 inet proto tcp from any to any flags SF/SFRA
block in log quick on tun0 inet proto tcp from any to any flags /SFRA
# General rules:
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on rl0 proto udp from 192.168.2.0/24 to any port = 53 keep state
pass in quick on tun0 proto tcp from any to any port = 222 synproxy state
pass in quick on tun0 proto tcp from any to any port = 22 synproxy state
pass in quick on tun0 proto udp from any to any port = 500 keep state
pass in quick proto esp from any to any keep state
pass out quick proto esp from any to any keep state
pass out quick on tun0 proto tcp from any to any port { 22, 222 }
flags S/SA synproxy state queue q_pri
pass out quick on tun0 proto tcp from any to any flags S/SA synproxy
state queue (q_def, q_pri)
pass out quick on tun0 proto udp all modulate state
pass out quick on tun0 proto icmp from any to any keep state
#pass in quick on tun0 proto icmp from any to any keep state
# FTP y HTTP internal server:
pass in quick on tun0 proto tcp from any to any port = 21 flags S/SA
synproxy state
pass in quick on tun0 proto tcp from any to any port = 20 flags S/SA
synproxy state
# Passive ftp port range
pass in quick on tun0 proto tcp from any to any port 49151<65535
flags S/SA synproxy state
# VNC:
pass in quick on tun0 proto { tcp, udp } from any to any port = 5900
flags S/SA synproxy state queue q_med
pass in quick on tun0 proto { tcp, udp } from any to any port = 5800
flags S/SA synproxy state queue q_med
pass in quick on tun0 proto { tcp, udp } from any to any port = 5902
flags S/SA synproxy state queue q_med
pass in quick on tun0 proto { tcp, udp } from any to any port = 5903
flags S/SA synproxy state queue q_med
pass in quick on tun0 proto { tcp, udp } from any to any port = 5904
flags S/SA synproxy state queue q_med
pass in quick on tun0 proto { tcp, udp } from any to any port = 5905
flags S/SA synproxy state queue q_med
pass in quick on tun0 proto { tcp, udp } from any to any port = 5906
flags S/SA synproxy state queue q_med
pass in quick on tun0 proto { tcp, udp } from any to any port = 5907
flags S/SA synproxy state queue q_med
# Bit Torrent
pass in quick on tun0 proto tcp from any to any port 6880 < 7000
flags S/SA synproxy state
# MSN
pass in quick on tun0 proto { tcp, udp } from any to any port 6890 <
6901 flags S/SA synproxy state
# ftp proxy
pass in quick on tun0 inet proto tcp from any to tun0 port 49151
synproxy state queue (q_def, q_pri)
block in log on tun0 from any to any
-------------------------------------------------------------------
sudo cat /root/kernels/GENERICconALTQ | more
#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-conf
ig.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.413.2.6.2.2 2004/10/24 18:02:52 scottl
Exp $
machine i386
#cpu I486_CPU
#cpu I586_CPU
cpu I686_CPU
ident GENERIC
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for
devices.
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options NFSCLIENT # Network Filesystem Client
options NFSSERVER # Network Filesystem Server
options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SCSI_DELAY=15000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extension
s
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
# altq(9). Enable the base part of the hooks with the ALTQ option.
# Individual disciplines must be built into the base system and can not be
# loaded as modules at this point. In order to build a SMP kernel you must
# also have the ALTQ_NOPCC option.
options ALTQ
options ALTQ_CBQ # Class Bases Queueing
options ALTQ_RED # Random Early Drop
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler
options ALTQ_CDNR # Traffic conditioner
options ALTQ_PRIQ # Priority Queueing
options ALTQ_NOPCC # Required for SMP build
options ALTQ_DEBUG
device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device eisa
device pci
# Floppy drives
device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
# SCSI Controllers
#device ahb # EISA AHA1742 family
#device ahc # AHA2940 and onboard AIC7xxx devices
#device ahd # AHA39320/29320 and onboard AIC79xx devices
#device amd # AMD 53C974 (Tekram DC-390(T))
#device isp # Qlogic family
#device mpt # LSI-Logic MPT-Fusion
#device ncr # NCR/Symbios Logic
#device sym # NCR/Symbios Logic (newer chipsets +
those of `ncr')
#device trm # Tekram DC395U/UW/F DC315U adapters
#device adv # Advansys SCSI adapters
#device adw # Advansys wide SCSI adapters
device aha # Adaptec 154x SCSI adapters
device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
#device bt # Buslogic/Mylex MultiMaster SCSI adapters
#device ncv # NCR 53C500
#device nsp # Workbit Ninja SCSI-3
#device stg # TMC 18C30/18C50
# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)
# RAID controllers interfaced to the SCSI subsystem
#device amr # AMI MegaRAID
#device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
#device ciss # Compaq Smart RAID 5*
#device dpt # DPT Smartcache III, IV - See NOTES for options
#device hptmv # Highpoint RocketRAID 182x
#device iir # Intel Integrated RAID
#device ips # IBM (Adaptec) ServeRAID
#device mly # Mylex AcceleRAID/eXtremeRAID
#device twa # 3ware 9000 series PATA/SATA RAID
# RAID controllers
#device aac # Adaptec FSA RAID
#device aacp # SCSI passthrough for aac (requires CAM)
#device ida # Compaq Smart RAID
#device mlx # Mylex DAC960 family
#device pst # Promise Supertrak SX6000
#device twe # 3ware ATA RAID
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
device agp # support several AGP chipsets
-----------------------------------------------------------
server:~ $ dmesg |more
pf_map_addr: selected address 200.xxx.xxx.xxx
pf_map_addr: selected address 200.xxx.xxx.xxx
pf_map_addr: selected address 200.xxx.xxx.xxx
pf_map_addr: selected address 200.xxx.xxx.xxx
pf_map_addr: selected address 200.xxx.xxx.xxx
pf_map_addr: selected address 200.xxx.xxx.xxx
.....
.....
.. "pf_map_addr: selected address 200.xxx.xxx.xxx" is repeated ~50
times
.....
....
pf_map_addr: selected address 200.xxx.xxx.xxx
pf_map_addr: selected address 200.xxx.xxx.xxx
pf_map_addr: selected address 200.xxx.xxx.xxx
pf_map_addr: selected address 200.xxx.xxx.xxx
adding osfp AIX 4.3 2 = 16384:64:0:44:0x2 1 (TS=,M=512,W=*0) 100401
adding osfp AIX 4.3 3 = 16384:64:0:44:0x2 1 (TS=,M=512,W=*0) 100402
adding osfp AIX 4.3 2-3 = 16384:64:0:44:0x2 1 (TS=,M=512,W=*0) 100403
....
.....
adding osfp Windows 2000 RFC1323 = *0:128:1:64:0x2040803 9
(TS=0,M=*0,W=0) b01004
adding osfp Windows XP RFC1323 = *0:128:1:64:0x2040803 9 (TS=0,M=*0,W=*0) b01403
adding osfp Windows XP = *0:128:1:48:0x403 4 (TS=,M=*0,W=*0) b01400
adding osfp Windows 2000 = *0:128:1:48:0x403 4 (TS=,M=*0,W=*0) b01000
pf: dropping packet with ip options
pf: dropping packet with ip options
Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...2 1 1 1 0 0 done
No buffers busy after final sync
Uptime: 3d4h14m37s
Shutting down ACPI
Rebooting...
Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.3-RELEASE-p1 #1: Tue Nov 23 02:13:24 ART 2004
root@server.estudio:/usr/obj/usr/src/sys/GENERICconALTQ
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 2.53GHz (2527.01-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf34 Stepping = 4
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE
real memory = 266530816 (254 MB)
avail memory = 251162624 (239 MB)
ACPI APIC Table: <INTEL D865GBF
ioapic0 <Version 2.0 irqs 0-23 on motherboard
npx0: [FAST]
npx0: <math processor on motherboard
npx0: INT 16 interface
acpi0: <INTEL D865GBF on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz port 0x408-0x40b on acpi0
cpu0: <ACPI CPU on acpi0
pcib0: <ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus on pcib0
agp0: <Intel 82865G (865G GMCH) SVGA controller port 0xec00-0xec07
mem 0xffa80000-0xffafffff,0xf0000000-0xf7ffffff irq 16 at device 2.0
on pci0
agp0: detected 892k stolen memory
agp0: aperture size is 128M
uhci0: <Intel 82801EB (ICH5) USB controller USB-A port 0xc800-0xc81f
irq 16 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
usb0: <Intel 82801EB (ICH5) USB controller USB-A on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801EB (ICH5) USB controller USB-B port 0xcc00-0xcc1f
irq 19 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
usb1: <Intel 82801EB (ICH5) USB controller USB-B on uhci1
usb1: USB revision 1.0
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801EB (ICH5) USB controller USB-C port 0xd000-0xd01f
irq 18 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
usb2: <Intel 82801EB (ICH5) USB controller USB-C on uhci2
usb2: USB revision 1.0
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3: <Intel 82801EB (ICH5) USB controller USB-D port 0xd400-0xd41f
irq 16 at device 29.3 on pci0
uhci3: [GIANT-LOCKED]
usb3: <Intel 82801EB (ICH5) USB controller USB-D on uhci3
usb3: USB revision 1.0
uhub3: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
pci0: <serial bus, USB at device 29.7 (no driver attached)
pcib1: <ACPI PCI-PCI bridge at device 30.0 on pci0
pci1: <ACPI PCI bus on pcib1
rl0: <RealTek 8139 10/100BaseTX port 0xb800-0xb8ff mem
0xff8ffc00-0xff8ffcff irq 22 at device 1.0 on pci1
miibus0: <MII bus on rl0
rlphy0: <RealTek internal media interface on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:08:54:1d:8b:e5
fxp0: <Intel 82801BA (D865) Pro/100 VE Ethernet port 0xbc00-0xbc3f
mem 0xff8fe000-0xff8fefff irq 20 at device 8.0 on pci1
miibus1: <MII bus on fxp0
inphy0: <i82562ET 10/100 media interface on miibus1
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:11:11:85:ef:a8
isab0: <PCI-ISA bridge at device 31.0 on pci0
isa0: <ISA bus on isab0
atapci0: <Intel ICH5 UDMA100 controller port
0xffa0-0xffaf,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 31.1 on
pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
atapci1: <Intel ICH5 SATA150 controller port
0xd800-0xd80f,0xdc00-0xdc03,0xe000-0xe007,0xe400-0xe403,0xe800-0xe807
irq 18 at device 31.2 on pci0
ata2: channel #0 on atapci1
ata3: channel #1 on atapci1
pci0: <serial bus, SMBus at device 31.3 (no driver attached)
pci0: <multimedia, audio at device 31.5 (no driver attached)
acpi_button0: <Sleep Button on acpi0
fdc0: <floppy drive controller port
0x3f7,0x3f4-0x3f5,0x3f2-0x3f3,0x3f0-0x3f1 irq 6 drq 2 on acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive on fdc0 drive 0
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0: <16550A-compatible COM port port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
ppc0: <Standard parallel printer port port 0x378-0x37f irq 7 on acpi0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
ppbus0: <Parallel port bus on ppc0
plip0: <PLIP network interface on ppbus0
lpt0: <Printer on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O on ppbus0
pmtimer0 on isa0
atkbdc0: <Keyboard controller (i8042) at port 0x64,0x60 on isa0
atkbd0: <AT Keyboard irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
sc0: <System console at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 2527014649 Hz quality 800
Timecounters tick every 10.000 msec
acpi_cpu: throttling enabled, 8 steps (100% to 12.5%), currently 100.0%
ad0: 152627MB <WDC WD1600BB-00DWA0/15.05R15 [310101/16/63] at
ata0-master UDMA100
acd0: CDROM <CDU5211/YYS7 at ata1-master UDMA33
Mounting root from ufs:/dev/ad0s1a
altq: emulate 256000000Hz cpu clock
pf: started
altq: started
pf: dropping packet with ip options
pf: dropping packet with ip options
pf: dropping packet with ip options
-------------------------------------------------