From: Oskar Eyb
To: Andre Oppermann, freebsd-net@freebsd.org
Date: Sun, 03 Feb 2008 15:31:11 +0100
Subject: Re: syncache_timer: Response timeout and other msgs, whats up?

Andre Oppermann wrote on 03.02.2008 10:26:
>> 85.214.42.62 is the other MTA, 172.16.0.2 is my jail.
>> I use PF with rdr/nat on FreeBSD 7 RC4.
>
> We have not released 7RC4 yet. You probably run BETA4. An upgrade to
> 7RC1 or 7RC2 in the next few days fixes all known TCP bugs.

Yeah, of course, I mean BETA4. uname says: 7.0-PRERELEASE
Which tag is the best? Currently I use release=cvs tag=RELENG_7. Will I
get 7RC.. with this?

> Other than that it looks like your PF rule set may be not entirely
> correct. Please post your pf.conf.

Except for the filter rules, this is the top of my pf.conf:

set timeout { interval 30, frag 10 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }

# Normalization
#scrub in all

set optimization normal
set block-policy return
....

Oskar