From owner-freebsd-net Sun Oct 8 17:49:46 2000 Delivered-To: freebsd-net@freebsd.org Received: from bastuba.partitur.se (bastuba.partitur.se [212.209.169.194]) by hub.freebsd.org (Postfix) with ESMTP id 9F7ED37B503 for ; Sun, 8 Oct 2000 17:49:41 -0700 (PDT) Received: from palle.girgensohn.se (c193.150.250.87.cm-upc.chello.se [193.150.250.87]) by bastuba.partitur.se (8.9.3/8.9.3) with ESMTP id CAA57197; Mon, 9 Oct 2000 02:49:36 +0200 (CEST) (envelope-from girgen@partitur.se) Received: from partitur.se (localhost [127.0.0.1]) by palle.girgensohn.se (8.11.0/8.11.0) with ESMTP id e990nTV04378; Mon, 9 Oct 2000 02:49:34 +0200 (CEST) (envelope-from girgen@partitur.se) Message-ID: <39E11619.4694F780@partitur.se> Date: Mon, 09 Oct 2000 02:49:29 +0200 From: Palle Girgensohn Organization: Partitur X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1.1-RELEASE i386) X-Accept-Language: sv, en MIME-Version: 1.0 To: Raymond Wiker Cc: freebsd-net@FreeBSD.ORG Subject: Re: bridged vmnet make NIS go berzerk killing servers with icmp msgs References: <87aeck14mk.fsf@palle.girgensohn.se> <39DC81E1.2C0F7315@quack.kfu.com> <14813.28763.410367.378304@raw.grenland.fast.no> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Raymond Wiker wrote: > > Nick Sayer writes: > > Palle Girgensohn wrote: > > > > > > Hi! > > > > > > Sorry for crossposting, but I'm not certain wheather this is -net or > > > -emulation; probably both... > > > > I see a similar failure every once in a while on FreeBSD machines that > > are NIS clients that are not running vmware, though it sounds to me like > > you are seeing it a lot more frequently. hmmm... not running vmware? are they running an IP bridge, or do you mean that this happens to vanilla fbsd systems? > > I can sometimes precipitate this by disconnecting an NIS client from the > > net briefly, using NIS, then reconnecting it. It ends up in the icmp > > supression state and the only way out is the history eraser button. Yes, that is usually a "good" way to trigger it, but I have seen it happen on occasion without disconnecting. Might be high network load at those times, though, I'm not sure. > You can achieve the same effect by putting wildly > inappropriate values in /var/yp/securenets... > > //Raymond. Maybe, I could deny all bridged IP's from NIS by putting only every allowed IP# in securenets, instead of the entire network as now? The odd thing is, it is not the bridged IP that sends the bad icmps, but the host's standard IP. /Palle To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message