From: Oleksii Krykun
To: freebsd-questions@freebsd.org
Date: Wed, 16 Dec 2009 20:33:52 +0200
Subject: ipfilter unwanted blocking

Hi,

I use FreeBSD 7.2-RELEASE with IPFilter, used as a proxy server for our LAN. I have the following rules for the external interface:

    block in log on rl0 all head 100
    block out log on rl0 all head 200
    pass out quick proto udp from a.b.c.d/32 to any keep state group 200
    pass out quick proto tcp from a.b.c.d/32 to any flags S/SA keep state keep frags group 200

Everything works, but sometimes IPF blocks all (or most) packets to ports 80 and 53 for anywhere from 2-3 up to 40-50 s. After this, IPF returns to normal operation.

How can I investigate this problem? I tried removing flags and "keep frags", but without success. There is no regularity. Is this an IPF problem, wrong packages or kernel settings?

Any idea?