From owner-freebsd-stable  Wed Oct  2 18:21:52 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8A64F37B401
	for <stable@FreeBSD.ORG>; Wed,  2 Oct 2002 18:21:50 -0700 (PDT)
Received: from yellow.biolateral.com.au (yellow.biolateral.com.au [129.78.217.60])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AB6C943E42
	for <stable@FreeBSD.ORG>; Wed,  2 Oct 2002 18:21:49 -0700 (PDT)
	(envelope-from tonym@biolateral.com.au)
Received: from dt.home (localhost [127.0.0.1])
	by yellow.biolateral.com.au (8.12.6/8.12.6) with ESMTP id g931LeVZ047369;
	Thu, 3 Oct 2002 11:21:41 +1000 (EST)
	(envelope-from tonym@dt.home)
Received: (from tonym@localhost)
	by dt.home (8.12.6/8.12.6/Submit) id g931LZWv047336;
	Thu, 3 Oct 2002 11:21:35 +1000 (EST)
	(envelope-from tonym)
Date: Thu, 3 Oct 2002 11:21:35 +1000 (EST)
From: Tony Maher <tonym@biolateral.com.au>
Message-Id: <200210030121.g931LZWv047336@dt.home>
To: peter.jeremy@alcatel.com.au
Subject: Re: 'losing' every second packet
Cc: stable@FreeBSD.ORG
In-Reply-To: <20021003003859.GN495@gsmx07.alcatel.com.au>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Peter,

> I'm also using Optus cable, but with -STABLE from about a week ago and
> IPfilter rather than ipfw.  (I found that ipfw+natd+keep-state didn't
> work).

Ok sounds like we are running almost identical release so its good to
know there is an alternative.  (BTW ipfw+natd+keep-state
have been working fine for me for past 12 months until this last month)

> I haven't seen this problem and can't suggest any obvious
> cause within FreeBSD.  It is possible that Optus have added something
> to their firewall to 'discourage' incoming setup packets (to enforce
> their "no servers" policy).

Hard to see how this could be the case ... hmmm unless they added a 50%
drop rate on a destination after observing some form of 'unlawful'
behaviour.  Not that I am running any servers (well except sshd and
hosts.allow restricts it to just my work machines).
Using ssh does not seem to trigger it.

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
      Interesting ports on gw.optus (210.49.XXX.XX):
      (The 1599 ports scanned but not shown below are in state: filtered)
    Port       State       Service
    22/tcp     open        ssh                     
    113/tcp    closed      auth                    
    No exact OS matches for host (If you know what OS is running on it,

> All I can suggest is running tcpdump on your firewall and a remote
> machine and studying the packet loss when you send various packets
> between the machines (ping, UDP and TCP).  This might identify where
> (in which direction) the packet loss is occurring.

Packet loss appears to be independent of protocol, see it with ping,
ssh (tcp) and games (udp).
But yes - with long weekend I should get some time for trawling thru packets
:-)

thanks!
--
tonym

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message