From owner-freebsd-net@FreeBSD.ORG  Mon Feb  4 08:41:34 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E738A16A419
	for <freebsd-net@freebsd.org>; Mon,  4 Feb 2008 08:41:34 +0000 (UTC)
	(envelope-from andre@freebsd.org)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
	by mx1.freebsd.org (Postfix) with ESMTP id 56BD613C43E
	for <freebsd-net@freebsd.org>; Mon,  4 Feb 2008 08:41:34 +0000 (UTC)
	(envelope-from andre@freebsd.org)
Received: (qmail 7067 invoked from network); 4 Feb 2008 08:00:47 -0000
Received: from localhost (HELO [127.0.0.1]) ([127.0.0.1])
	(envelope-sender <andre@freebsd.org>)
	by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
	for <oskar-FreeBSD@eyb.de>; 4 Feb 2008 08:00:47 -0000
Message-ID: <47A6CFC5.3090305@freebsd.org>
Date: Mon, 04 Feb 2008 09:41:41 +0100
From: Andre Oppermann <andre@freebsd.org>
User-Agent: Thunderbird 1.5.0.14 (Windows/20071210)
MIME-Version: 1.0
To: Oskar Eyb <oskar-FreeBSD@eyb.de>
References: <47A4E868.7000500@eyb.de> <47A588C3.4000806@freebsd.org>
	<47A5D02F.60705@eyb.de>
In-Reply-To: <47A5D02F.60705@eyb.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: syncache_timer: Response timeout and other msgs, whats up?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Feb 2008 08:41:35 -0000

Oskar Eyb wrote:
> 
> Andre Oppermann schrieb am 03.02.2008 10:26:
>>> 85.214.42.62 is the other MTA, 172.16.0.2 is my jail.
>>> I use PF with rdr/nat on FreeBSD 7 RC4.
>>
>> We have not released 7RC4 yet.  You probably run BETA4.  An upgrade to
>> 7RC1 or 7RC2 in the next few days fixes all known TCP bugs.
> 
> Yeah of course, I mean BETA4. uname says: 7.0-PRERELEASE
> 
> Which tag is the best?
> currently I use release=cvs tag=RELENG_7. Will I get with this 7RC..?

Yes.  Please cvsup and recompile your kernel.

>> Other than that it looks like your PF rule set may be not entirely
>> correct.  Please post your pf.conf.
> 
> 
> expect the filter-rules this is the top of my pf.conf
> 
> <some macros>
> 
> set timeout { interval 30, frag 10 }
> set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
> set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
> set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
> set timeout { icmp.first 20, icmp.error 10 }
> set timeout { other.first 60, other.single 30, other.multiple 60 }
> 
> 
> # Normalisierung
> #scrub in all
> 
> set optimization normal
> set block-policy return

This information is insufficient to see what happens in PF.  I need to
see the actual firewall, nat and rdr rules.  You can send them to me by
private mail (entire pf.conf).

-- 
Andre