From owner-freebsd-questions@FreeBSD.ORG Mon Jan 19 19:13:07 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B805106568C for ; Mon, 19 Jan 2009 19:13:07 +0000 (UTC) (envelope-from bc979@lafn.org) Received: from zoom.lafn.org (zoom.lafn.org [206.117.18.8]) by mx1.freebsd.org (Postfix) with ESMTP id 6EFDE8FC1A for ; Mon, 19 Jan 2009 19:13:07 +0000 (UTC) (envelope-from bc979@lafn.org) Received: from [10.0.1.196] (pool-71-109-162-173.lsanca.dsl-w.verizon.net [71.109.162.173]) (authenticated bits=0) by zoom.lafn.org (8.14.2/8.14.2) with ESMTP id n0JIiCnO028520 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for ; Mon, 19 Jan 2009 10:44:13 -0800 (PST) (envelope-from bc979@lafn.org) Message-Id: <8904C35C-EDFE-419D-989E-84F20A364DD4@lafn.org> From: Doug Hardie To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v930.3) Date: Mon, 19 Jan 2009 10:44:12 -0800 X-Mailer: Apple Mail (2.930.3) X-Virus-Scanned: ClamAV version 0.92.1, clamav-milter version 0.92.1 on zoom.lafn.org X-Virus-Status: Clean Subject: Port 7070 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jan 2009 19:13:07 -0000 I just ran a netcat (nc -z) on my production servers and found an unusual response: Connection to xxxx 7070 port [tcp/arcp] succeeded! I checked on all my production and test servers (7.0 stable as of quite some time ago) and got the same response. I can't figure out why that port is open. It always returns a reset when a connection is opened. netstat -an does not return any 7070 entries. sockstat does not show any 7070 entries. There is no 7070 entry in /etc/services. ktrace of inetd shows nothing. tcpdump on the server shows the SYN and RST packets only. tcpdump on the client machine shows a complete TCP negotiation completion followed by a termination. The client is going across the internet. Running the client on a machine on the servers LAN shows that the port is not open. And tcpdump from both shows only a SYN followed by a RST. This indicates that some router between the original client and the servers is accepting the connection and then forwarding it on. This doesn't happen on other ports (although there may be a couple others I haven't chased down yet though). The only router we have in the path is a Cisco 2501 running a 2000 vintage IOS with nothing like that in its configuration. Its a simple pass everything through setup. Any ideas what is happening here?