Date: Tue, 16 Mar 2004 15:37:16 +0300
From: Zherdev Anatoly
To: Gleb Smirnoff
cc: "Bjoern A. Zeeb"
cc: Andre Oppermann
cc: freebsd-net@freebsd.org
Subject: Re: Problem with closing tcp session between cisco and freebsd
Message-Id: <20040316153716.099448ac@dwarf.demos.su>
In-Reply-To: <20040316123424.GA17010@cell.sick.ru>
References: <20040316125335.5f64cac5@dwarf.demos.su> <20040316131256.015a082d@dwarf.demos.su> <4056D84C.514EC45C@freebsd.org> <20040316151832.3f8b9012@dwarf.demos.su> <20040316123424.GA17010@cell.sick.ru>

On Tue, 16 Mar 2004 15:34:24 +0300
Gleb Smirnoff wrote:

> Z> But in IPFW I have ACCEPT by default and only this deny rules:
> Z>
> Z> 00200 deny ip from any to 127.0.0.0/8
> Z> 00300 deny ip from 127.0.0.0/8 to any
> Z> 00400 deny log logamount 100 tcp from any to any 135-139,445,593
> Z> 00500 deny log logamount 100 udp from any to any 135-139,445
> Z> 01100 deny tcp from any to any 22 in recv fxp1
> Z> 01600 reset tcp from any to any 113
> Z>
> Z> I make ipfw flush when I see this situation and keep only
> Z> 65535 allow ip from any to any
> Z> but problem was not resolved and tcp session not ended.
>
> Another snap question:
>
> what is value of net.inet.tcp.blackhole sysctl?

sysctl -a | grep blackhole
net.inet.tcp.blackhole: 0
net.inet.udp.blackhole: 0

-- 
Zherdev Anatoly.