From owner-freebsd-questions@FreeBSD.ORG Thu Mar 22 01:07:28 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CD30B16A405 for ; Thu, 22 Mar 2007 01:07:28 +0000 (UTC) (envelope-from tg@swox.com) Received: from king.swox.se (king.swox.se [195.198.203.150]) by mx1.freebsd.org (Postfix) with ESMTP id 7EC3D13C4C3 for ; Thu, 22 Mar 2007 01:07:28 +0000 (UTC) (envelope-from tg@swox.com) Received: by king.swox.se (Postfix, from userid 1001) id 444EA7DB8; Thu, 22 Mar 2007 01:03:34 +0100 (CET) To: freebsd-questions@freebsd.org From: Torbjorn Granlund Sender: tege@king.swox.se Original-Sender: tg@swox.com Date: 22 Mar 2007 01:03:34 +0100 Message-ID: <868xdqnnzd.fsf@king.swox.se> Lines: 51 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: TCP conection problems IBM VM -> FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2007 01:07:28 -0000 I have the following setup: IBM VM mainframe <-> [Internet] <-> fbsd 6.2 router <-> fbsd 4.10 smtp box "vm" "router.swox.se" "smtp.swox.se" When vm attempts to make a TCP connection (e.g., on port 25) to smtp.swox.se I see the following traffic on the router: 22:46:27.015389 IP vm.se.lsoft.com.47218 > smtp.swox.se.smtp: S 27523124:27523124(0) win 8192 22:46:27.015523 IP smtp.swox.se.smtp > vm.se.lsoft.com.47218: S 1745147473:1745147473(0) ack 3530628660 win 57344 22:46:27.056277 IP vm.se.lsoft.com.47218 > smtp.swox.se.smtp: R 3530628660:3530628660(0) win 0 I.e., the vm box appears to dislike the SYNACK from smtp.swox.se, and sends an RST. One might ask if it is the fault of vm or of smtp.swox.se. If I switch on "pf", the kernel packet filter, on router.swox.se, using pfctl -e, with an empty /etc/pf.conf, the router discards the SYNACK from smtp.swox.se. I realize that an empty /etc/pf.conf means that a set of implicit rules are enabled, including some sanitize rules. This leads me to believing that smtp.swox.se somehow sends a bad SYNACK reply to vm. But smtp.swox.se is perfectly capable of accepting TCP connections from lots of machines out there, and the router leavs the SYNACKs alone except when vm is on the receiving end. I have stared at tcpdumps in order to try to understand what might be wrong, unsuccessfully. I have not found out how to make pf on router.swox.se be so kind as to log the reason for that it throws away the SYNACK. And I don't have access to nor knowledge to of the vm system to get any information on why it dislikes the SYNACK. Making tcp connections in the other direction (smtp.swox.se -> vm) works flawlessly. I have tried enabling and disabling rfc1323 on smtp.swox.se, without any change wrt this issue. My questions: How can I debug this further? Was there a tcp bug in 4.10 that might be causing the observed behaviour? (Is it fixed in 4.11?) (I might be upgrading smtp.swox.se to a much more recent FreeBSD version at some point, but I'd rather not hurry up with it since this machine runs a lot of things. Understanding this problem is important in any case.) -- Torbjörn