Date:      Tue, 16 Mar 2004 15:18:32 +0300
From:      Zherdev Anatoly <tolyar@mx.ru>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        Andre Oppermann <andre@freebsd.org>
Subject:   Re: Problem with closing tcp session between cisco and freebsd
Message-ID:  <20040316151832.3f8b9012@dwarf.demos.su>
In-Reply-To: <Pine.BSF.4.53.0403161129010.51220@e0-0.zab2.int.zabbadoz.net>
References:  <20040316125335.5f64cac5@dwarf.demos.su> <20040316131256.015a082d@dwarf.demos.su> <4056D84C.514EC45C@freebsd.org> <Pine.BSF.4.53.0403161129010.51220@e0-0.zab2.int.zabbadoz.net>

On Tue, 16 Mar 2004 11:29:45 +0000 (UTC)
"Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> wrote:


> > > FreeBSD 4.9-STABLE cvsupped March 3
> > > Cisco IOS 12.2.19a ip only Cisco 5300
> >
> > Do you know when it was working correctly the last time?  Do you have
> > another machine (4.9R or lower, or 5.2 or 5.C) to test against?  On
> > March 2 the commit of the TCP segment reassembly queue limiter has
> > been done but that does not change TCP processing otherwise in any
> > way.  A month ago the TCP-MD5 stuff has been committed.  A year ago
> > there have been some NewReno fixes.
> >
> > So no obvious suspect.  Before digging deep into the code it's better
> > to have some more surrounding information.
> 
> Another question: any packet filters in between ?

Yes, I have IPFW1 on these servers (it was the same problem on two servers at one time and one Cisco).
But in IPFW I have ACCEPT by default and only these deny rules:

00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny log logamount 100 tcp from any to any 135-139,445,593
00500 deny log logamount 100 udp from any to any 135-139,445
01100 deny tcp from any to any 22 in recv fxp1
01600 reset tcp from any to any 113

I do an ipfw flush when I see this situation and keep only
65535 allow ip from any to any
but the problem was not resolved and the TCP session did not end.

-- 
Zherdev Anatoly.


