Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 6 Sep 2007 02:57:42 +0000
From:      Gloomy Group <gloomygroup@hotmail.com>
To:        <freebsd-net@freebsd.org>
Subject:   Interface Status changes to UP and Down 
Message-ID:  <BAY131-W17445397811F3DD21C974FAFC40@phx.gbl>
next in thread | raw e-mail | index | archive | help 

Hi all,

   I am running Freebsd 6.2 as Transparent proxy Server. My hardware is Int=
el(R) Pentium(R) 4 CPU 3.00GHz, 1GB DDR2 Memory and 2 SATA hardisk. While c=
hecking dmesg it shows link state change to up and Down and sometimes the s=
erver crashes.

ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
fxp0: link state changed to DOWN
fxp0: link state changed to UP
fxp0: link state changed to DOWN
fxp0: link state changed to UP
fxp0: link state changed to DOWN
fxp0: link state changed to UP
fxp0: link state changed to DOWN
fxp0: link state changed to UP
fxp0: link state changed to DOWN
fxp0: link state changed to UP
fxp0: link state changed to DOWN


         Is this due to misconfigured firewall rules or some special tuning=
 need in kernel variables; Below is my IPFW rules:

00100 allow ip from any to any via lo0
00101 check-state
00102 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17
00200 allow icmp from 202.xx.xx.0/24 to me in
00201 allow icmp from 202.xx.xx.0/24 to me in
00300 allow tcp from me to any out keep-state
00301 allow udp from me to any dst-port 53 keep-state
00302 allow ip from me to any out keep-state
00303 allow tcp from any 80,443 to me in keep-state
00304 allow tcp from any 80,443 to any out keep-state
00400 allow tcp from 202.79.xx.0/24 to me dst-port 2001 keep-state
00500 allow udp from 202.79.xx.xx 3130 to me dst-port 3130 keep-state
00501 allow tcp from 202.79.xx.xx 3128 to me in
00600 allow udp from 202.79.xx.xx to me dst-port 161 keep-state
00601 allow udp from 202.79.xx.xx to me dst-port 3401 keep-state
03000 allow tcp from 202.79.xx.0/24 to me dst-port 3128
03001 allow tcp from 202.79.xx.0/24 to me dst-port 3128
03002 fwd 127.0.0.1,3128 tcp from 202.79.xx.0/24 to any dst-port 80 keep-st=
ate
03003 fwd 127.0.0.1,3128 tcp from 202.79.xx.0/24 to any dst-port 80 keep-st=
ate
65534 deny log logamount 200 ip from any to any

  =20

_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Space=
s. It's easy!
http://spaces.live.com/spacesapi.aspx?wx_action=3Dcreate&wx_url=3D/friends.=
aspx&mkt=3Den-us=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY131-W17445397811F3DD21C974FAFC40>