Date: Tue, 16 Mar 2004 15:34:24 +0300
From: Gleb Smirnoff
To: Zherdev Anatoly
cc: "Bjoern A. Zeeb"
cc: Andre Oppermann
cc: freebsd-net@freebsd.org
Subject: Re: Problem with closing tcp session between cisco and freebsd
Message-ID: <20040316123424.GA17010@cell.sick.ru>
In-Reply-To: <20040316151832.3f8b9012@dwarf.demos.su>
References: <20040316125335.5f64cac5@dwarf.demos.su> <20040316131256.015a082d@dwarf.demos.su> <4056D84C.514EC45C@freebsd.org> <20040316151832.3f8b9012@dwarf.demos.su>
List-Id: Networking and TCP/IP with FreeBSD

On Tue, Mar 16, 2004 at 03:18:32PM +0300, Zherdev Anatoly wrote:
Z> > > So no obvious suspect. Before digging deep into the code it's better
Z> > > to have some more surrounding information.
Z> >
Z> > Another question: any packet filters in between?
Z>
Z> Yes, I have IPFW1 on these servers (it was the same problem on two servers at one time and one Cisco).
Z> But in IPFW I have ACCEPT by default and only these deny rules:
Z>
Z> 00200 deny ip from any to 127.0.0.0/8
Z> 00300 deny ip from 127.0.0.0/8 to any
Z> 00400 deny log logamount 100 tcp from any to any 135-139,445,593
Z> 00500 deny log logamount 100 udp from any to any 135-139,445
Z> 01100 deny tcp from any to any 22 in recv fxp1
Z> 01600 reset tcp from any to any 113
Z>
Z> I do an ipfw flush when I see this situation and keep only
Z> 65535 allow ip from any to any
Z> but the problem was not resolved and the TCP session did not end.

Another quick question: what is the value of the net.inet.tcp.blackhole sysctl?

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE