Date: Wed, 16 Dec 2009 20:33:52 +0200
From: Oleksii Krykun <kryol@bigmir.net>
To: freebsd-questions@freebsd.org
Subject: ipfilter unwanted blocking
Message-ID: <4fc8a0960912161033x54f06a1doa8f74f455741101@mail.gmail.com>
Hi,

I use FreeBSD 7.2-RELEASE with IPFilter, used as a proxy server for our LAN. I have the following rules for the external interface:

block in log on rl0 all head 100
block out log on rl0 all head 200
pass out quick proto udp from a.b.c.d/32 to any keep state group 200
pass out quick proto tcp from a.b.c.d/32 to any flags S/SA keep state keep frags group 200

Everything works, but sometimes IPF blocks all (or most) packets to ports 80 and 53 for about 2-3 up to 40-50 s. After this, IPF returns to normal operation.

How can I investigate this problem? I tried removing flags and "keep frags", but without success. No regularity. Is this an IPF problem, wrong packages or kernel settings? Any ideas?