From: Anish Mistry
To: freebsd-current@freebsd.org
Date: Wed, 25 Jul 2007 23:35:19 -0400
Subject: Can't create TCP connections to certain IP addresses

This has been happening for a while, I just don't remember when it
started (it's been happening for at least a couple of months now),
but I know everything was working in April. I'm trying to debug a
strange problem I'm having with my -CURRENT system. I can not
connect to certain IP addresses. I can connect to
am-productions.biz, but not slashdot.org, etc. When the connection
can't be made I see the state as SYN_SENT (via netstat). This isn't
a DNS issue since I can resolve and ping the sites that I can't
connect to.

I've tried on other networks just in case it was a problem with
my network, but the same thing happens there too. This is using an
rl NIC in my laptop. Using the ath wireless leads to the same
results as the rl.

Connecting to the cvsup server that I'm using does work, so I can
update easily.

I've attached various information. If there is some more information
I need to provide let me know.

I know I probably should have reported this a while ago, but I kept
thinking there was something wrong with my config that I couldn't
figure out.

tcpdump.txt contains a failed connection. tcpdump-good.txt contains
a succeeded connection.

Thanks,
--
Anish Mistry

Attachment: sysctl-tcp.txt

net.inet.tcp.rfc1323: 1
net.inet.tcp.mssdflt: 512
net.inet.tcp.keepidle: 7200000
net.inet.tcp.keepintvl: 75000
net.inet.tcp.sendspace: 32768
net.inet.tcp.recvspace: 65536
net.inet.tcp.keepinit: 75000
net.inet.tcp.delacktime: 100
net.inet.tcp.v6mssdflt: 1024
net.inet.tcp.hostcache.purge: 0
net.inet.tcp.hostcache.prune: 300
net.inet.tcp.hostcache.expire: 3600
net.inet.tcp.hostcache.count: 0
net.inet.tcp.hostcache.bucketlimit: 30
net.inet.tcp.hostcache.hashsize: 512
net.inet.tcp.hostcache.cachelimit: 15360
net.inet.tcp.recvbuf_max: 262144
net.inet.tcp.recvbuf_inc: 16384
net.inet.tcp.recvbuf_auto: 1
net.inet.tcp.insecure_rst: 0
net.inet.tcp.rfc3390: 1
net.inet.tcp.rfc3042: 1
net.inet.tcp.drop_synfin: 0
net.inet.tcp.delayed_ack: 1
net.inet.tcp.blackhole: 0
net.inet.tcp.log_in_vain: 0
net.inet.tcp.sendbuf_max: 262144
net.inet.tcp.sendbuf_inc: 8192
net.inet.tcp.sendbuf_auto: 1
net.inet.tcp.tso: 1
net.inet.tcp.newreno: 1
net.inet.tcp.local_slowstart_flightsize: 4
net.inet.tcp.slowstart_flightsize: 1
net.inet.tcp.path_mtu_discovery: 1
net.inet.tcp.reass.overflows: 0
net.inet.tcp.reass.maxqlen: 48
net.inet.tcp.reass.cursegments: 0
net.inet.tcp.reass.maxsegments: 532
net.inet.tcp.sack.globalholes: 0
net.inet.tcp.sack.globalmaxholes: 65536
net.inet.tcp.sack.maxholes: 128
net.inet.tcp.sack.enable: 1
net.inet.tcp.inflight.stab: 20
net.inet.tcp.inflight.max: 1073725440
net.inet.tcp.inflight.min: 6144
net.inet.tcp.inflight.rttthresh: 10
net.inet.tcp.inflight.debug: 0
net.inet.tcp.inflight.enable: 1
net.inet.tcp.isn_reseed_interval: 0
net.inet.tcp.icmp_may_rst: 1
net.inet.tcp.pcbcount: 6
net.inet.tcp.do_tcpdrain: 1
net.inet.tcp.tcbhashsize: 512
net.inet.tcp.minmss: 216
net.inet.tcp.syncache.rst_on_sock_fail: 1
net.inet.tcp.syncache.rexmtlimit: 3
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.count: 0
net.inet.tcp.syncache.cachelimit: 15360
net.inet.tcp.syncache.bucketlimit: 30
net.inet.tcp.syncookies_only: 0
net.inet.tcp.syncookies: 1
net.inet.tcp.timer_race: 0
net.inet.tcp.finwait2_timeout: 60000
net.inet.tcp.fast_finwait2_recycle: 0
net.inet.tcp.always_keepalive: 1
net.inet.tcp.rexmit_slop: 200
net.inet.tcp.rexmit_min: 30
net.inet.tcp.msl: 30000
net.inet.tcp.nolocaltimewait: 0
net.inet.tcp.maxtcptw: 5000

Attachment: LITTLEGUY

#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.369.2.1 2002/12/18 08:11:24 scottl Exp $

machine i386
cpu I586_CPU
ident LITTLEGUY
maxusers 0

#To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" #Default places to look for devices.

#makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols
#options DDB, KDB, KDB_UNATTENDED

options PREEMPTION
#options FULL_PREEMPTION
options INET #InterNETworking
options INET6 #IPv6 communications protocols
options FFS #Berkeley Fast Filesystem
options SOFTUPDATES #Enable FFS soft updates support
options UFS_ACL #Support for access control lists
options UFS_DIRHASH #Improve performance on big directories
options UFS_GJOURNAL
options MD_ROOT #MD is a potential root device
#options NFSCLIENT #Network Filesystem Client
#options NFSSERVER #Network Filesystem Server
#options NFS_ROOT #NFS usable as root device, requires NFSCLIENT
options MSDOSFS #MSDOS Filesystem
options NTFS # NT Filesystem
options CD9660 #ISO 9660 Filesystem
options PROCFS #Process filesystem (requires PSEUDOFS)
options PSEUDOFS #Pseudo-filesystem framework
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 #Compatible with FreeBSD4
#options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
                             # output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
                             # output. Adds ~215k to driver.
#options CPU_ENABLE_LONGRUN

# Debugging for use in -current
#options INVARIANTS #Enable calls of extra sanity checking
#options INVARIANT_SUPPORT #Extra sanity checks of internal structures, required by INVARIANTS
#options WITNESS_KDB
#options WITNESS_SKIPSPIN
#options WITNESS #Enable checks to detect deadlocks and cycles

# To make an SMP kernel, the next two are needed
#options SMP # Symmetric MultiProcessor Kernel
#options APIC_IO # Symmetric (APIC) I/O

device isa
device pci

# Floppy drives
#device fdc

# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
#device atapifd # ATAPI floppy drives
#device atapist # ATAPI tape drives
#options ATA_STATIC_ID #Static device numbering

# SCSI peripherals
device scbus # SCSI bus (required)
device da # Direct Access (disks)
#device atapicam
device cd
device pass

# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse

device vga # VGA video card driver
#options VESA

#device splash # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device sc
#options SC_PIXEL_MODE

# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor

#device agp # support several AGP chipsets

# Floating point support - do not disable.
device npx

# remove KSE and use only libthr
#nooption KSE
#options SCHED_4BSD
options SCHED_ULE

# Add suspend/resume support for the i8254.
device pmtimer

# PCCARD (PCMCIA) support
# Pcmcia and cardbus bridge support
#device cbb # cardbus (yenta) bridge
#device pcic # ExCA ISA and PCI bridges
#device pccard # PC Card (16-bit) bus
#device cardbus # CardBus (32-bit) bus

# Serial (COM) ports
#device sio # 8250, 16[45]50 based serial ports

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
#device rl # RealTek 8129/8139

# Wireless NIC cards
#device an # Aironet 4500/4800 802.11 wireless NICs.
#device awi # BayStack 660 and others
#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.

# Pseudo devices - the number indicates how many units to allocate.
device random # Entropy device
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
#device null # Null and zero devices
device ether # Ethernet support
#device sl # Kernel SLIP
#device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
#device gif # IPv6 and IPv4 tunneling
#device faith # IPv6-to-IPv4 relaying (translation)

# sound
#device pcm

# firewire (IEEE 1394)
#device firewire

# system management bus
#device iicbus
#device iicbb
#device ic
#device iic
#device iicsmb
#device smbus
#device smb
#device alpm

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device bpf # Berkeley packet filter

# USB support
options USB_DEBUG # USB debugging
#device uhci # UHCI PCI->USB interface
#device ohci # OHCI PCI->USB interface
#device usb # USB Bus (required)
#device udbp # USB Double Bulk Pipe devices
#device ugen # Generic
#device uhid # "Human Interface Devices"
#device ukbd # Keyboard
#device ulpt # Printer
#device umass # Disks/Mass storage - Requires scbus and da
#device ums # Mouse
#device urio # Diamond Rio 500 MP3 player
#device uscanner # Scanners

Attachment: sysctl.conf

# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#

# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
vfs.usermount=1
#vfs.read_max=32
hw.acpi.lid_switch_state=S3
hw.acpi.standby_state=S3
hw.acpi.sleep_button_state=S3
#hw.acpi.sleep_delay=10
hw.acpi.handle_reboot=1
# allows max usage only when needed, otherwise it stays at min freq
#hw.crusoe.performance_longrun=2
#hw.crusoe.economy_longrun=2
hw.acpi.cpu.cx_lowest=C3
# reduce swap paging
#vm.defer_swapspace_pageouts=1
# other tuning from "man tuning"
#kern.ipc.shm_use_phys=1
# usb debugging
#hw.usb.debug=2
#hw.usb.ums.debug=11
#hw.usb.umass.debug=11
kern.module_path=/boot/kernel;/boot/modules
#hw.pccard.cis_debug=9
#hw.pccard.debug=9
#kern.ipc.shmall=131072
#kern.ipc.shmmax=64000000

Attachment: tcpdump-good.txt

23:15:18.079517 IP 192.168.1.195.63432 > m0n0wall.am-productions.biz.domain: 62498+ A? am-productions.biz. (36)
23:15:18.146047 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.63432: 62498 1/6/7 A am-productions.biz (291)
23:15:18.148280 IP 192.168.1.195.49311 > m0n0wall.am-productions.biz.domain: 62499+ AAAA? am-productions.biz. (36)
23:15:18.213682 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.49311: 62499 0/1/0 (93)
23:15:18.219015 IP 192.168.1.195.57135 > am-productions.biz.http: S 3142395275:3142395275(0) win 65535
23:15:18.243065 IP am-productions.biz.http > 192.168.1.195.57135: S 2533443809:2533443809(0) ack 3142395276 win 65535
23:15:18.243653 IP 192.168.1.195.57135 > am-productions.biz.http: . ack 1 win 260
23:15:18.666481 IP 192.168.1.195.49969 > m0n0wall.am-productions.biz.domain: 49318+ PTR? 1.1.168.192.in-addr.arpa. (42)
23:15:18.667539 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.49969: 49318* 1/0/0 PTR[|domain]
23:15:18.670548 IP 192.168.1.195.54422 > m0n0wall.am-productions.biz.domain: 49319+ PTR? 195.1.168.192.in-addr.arpa. (44)
23:15:18.798275 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.54422: 49319 NXDomain* 0/1/0 (112)
23:15:18.803615 IP 192.168.1.195.59285 > m0n0wall.am-productions.biz.domain: 49320+ PTR? 22.164.61.69.in-addr.arpa. (43)
23:15:18.804783 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.59285: 49320 1/0/0 (75)
23:15:29.174352 IP 192.168.1.195.57135 > am-productions.biz.http: F 1:1(0) ack 1 win 260
23:15:29.199277 IP am-productions.biz.http > 192.168.1.195.57135: . ack 2 win 33304
23:15:29.201176 IP am-productions.biz.http > 192.168.1.195.57135: F 1:1(0) ack 2 win 33304
23:15:29.201535 IP 192.168.1.195.57135 > am-productions.biz.http: . ack 2 win 260

Attachment: tcpdump.txt

23:07:23.166861 arp who-has 192.168.1.100 tell 192.168.1.195
23:07:23.167036 arp reply 192.168.1.100 is-at 00:0b:6a:cb:be:8d (oui Unknown)
23:07:23.167126 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:23.247656 IP 192.168.1.195.49713 > m0n0wall.am-productions.biz.domain: 6495+ PTR? 100.1.168.192.in-addr.arpa. (44)
23:07:23.269748 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.49713: 6495 NXDomain* 0/1/0 (112)
23:07:23.274694 IP 192.168.1.195.60722 > m0n0wall.am-productions.biz.domain: 6496+ PTR? 195.1.168.192.in-addr.arpa. (44)
23:07:23.409341 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.60722: 6496 NXDomain* 0/1/0 (112)
23:07:24.405455 IP 192.168.1.195.50305 > m0n0wall.am-productions.biz.domain: 6497+ PTR? 1.1.168.192.in-addr.arpa. (42)
23:07:24.406815 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.50305: 6497* 1/0/0 PTR[|domain]
23:07:26.162424 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:29.362386 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:32.562415 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:35.762501 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:38.962548 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:45.162732 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:57.362939 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:59.742344 IP 192.168.1.190.netbios-dgm > 192.168.1.255.netbios-dgm: NBT UDP PACKET(138)
23:08:00.405311 IP 192.168.1.195.58875 > m0n0wall.am-productions.biz.domain: 6498+ PTR? 255.1.168.192.in-addr.arpa. (44)
23:08:00.429433 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.58875: 6498 NXDomain* 0/1/0 (112)
23:08:00.435831 IP 192.168.1.195.55362 > m0n0wall.am-productions.biz.domain: 6499+ PTR? 190.1.168.192.in-addr.arpa. (44)
23:08:00.557832 IP m0n0wall.am-productions.biz.domain > 192.168.1.195.55362: 6499 NXDomain* 0/1/0 (112)
23:08:21.563277 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:08:38.001109 arp who-has 192.168.1.100 tell m0n0wall.am-productions.biz
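
The difference between the two tcpdump attachments above (a SYN answered by a SYN-ACK versus the same SYN retransmitted with no reply, which is what leaves the socket in SYN_SENT) can be picked out of the text output mechanically. This is an added example, not part of the original post; the names `SYN_RE` and `unanswered_syns` are made up here, the sample lines are copied from the two attachments, and all timestamps are assumed to fall on the same day.

```python
import re

# tcpdump's classic text form for a segment whose flags field is just "S".
# A SYN-ACK is the same line with an "ack N" field after the sequence range.
SYN_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): S (\d+):\d+\(\d+\)"
    r"(?: ack (\d+))?"
)

def unanswered_syns(lines):
    """Return handshakes whose SYN never got a matching SYN-ACK."""
    pending = {}  # (src, dst, initial seq) -> timestamps of every SYN sent
    for line in lines:
        m = SYN_RE.match(line.strip())
        if not m:
            continue  # ARP, DNS, plain ACKs, FINs, ...
        hh, mm, ss, src, dst, seq, ack = m.groups()
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        if ack is None:
            pending.setdefault((src, dst, int(seq)), []).append(t)
        else:
            # SYN-ACK travels the other way and acknowledges client ISN + 1
            pending.pop((dst, src, int(ack) - 1), None)
    return [
        {"src": src, "dst": dst, "seq": seq, "syns": len(ts),
         "gaps": [round(b - a, 1) for a, b in zip(ts, ts[1:])]}
        for (src, dst, seq), ts in pending.items()
    ]

# Lines copied from tcpdump-good.txt (first three) and tcpdump.txt (the rest).
SAMPLE = """\
23:15:18.219015 IP 192.168.1.195.57135 > am-productions.biz.http: S 3142395275:3142395275(0) win 65535
23:15:18.243065 IP am-productions.biz.http > 192.168.1.195.57135: S 2533443809:2533443809(0) ack 3142395276 win 65535
23:15:18.243653 IP 192.168.1.195.57135 > am-productions.biz.http: . ack 1 win 260
23:07:23.167126 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:23.247656 IP 192.168.1.195.49713 > m0n0wall.am-productions.biz.domain: 6495+ PTR? 100.1.168.192.in-addr.arpa. (44)
23:07:26.162424 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:29.362386 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:32.562415 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:35.762501 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:38.962548 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:45.162732 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:07:57.362939 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
23:08:21.563277 IP 192.168.1.195.58799 > 192.168.1.100.ssh: S 2275413703:2275413703(0) win 65535
"""

if __name__ == "__main__":
    for flow in unanswered_syns(SAMPLE.splitlines()):
        print(flow)
```

The "gaps" list is the spacing in seconds between successive SYNs of the same unanswered handshake, which makes the sender's retransmission backoff visible at a glance.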