Date: Fri, 22 Aug 2008 19:12:26 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Mike Tancsa <mike@sentex.net>
Cc: freebsd-net@freebsd.org
Subject: Re: strange TCP issue on RELENG_7
Message-ID: <20080822191146.T66593@maildrop.int.zabbadoz.net>
In-Reply-To: <200808221719.m7MHJY25090566@lava.sentex.ca>
References: <200808221719.m7MHJY25090566@lava.sentex.ca>

On Fri, 22 Aug 2008, Mike Tancsa wrote:

> On one of our sendmail boxes that we are running RELENG_7, we have noticed an
> odd issue triggered or noticed by our monitoring system (bigbrother in this
> case). This seems to have been happening ever since we installed it, so it's
> not a recent commit issue.
>
> Every 5 min, one of our monitoring stations connects to the box on port 25
>
> The connection process is pretty simple. It connects and sends a QUIT and if
> that works, all is "ok".
>
> Here is a normal exchange
> ...
>
>
> But, perhaps twice a day, or once every 2 days, I will see an RST from the
> host being monitored for some reason?!
> It looks like
>
> ...
>
> I don't ever see this on RELENG_6, only on RELENG_7. It doesn't seem to be load
> related as I will see it at various times of the day both busy and quiet and
> sendmail is not complaining about too many connections which it will when
> there are.
>
> 192.168.1.2 is the monitoring host running bb and 192.168.1.9 is the smtp
> server being tested. I do have pf on the box, but pf isn't set to send RSTs
> and I think if there is a state mismatch, it will just drop the packet and
> not send the RST. I have tried with and without scrub but no obvious
> difference
>
> Rules are simple
>
>
> set skip on lo0
> scrub in all
>
> block in log on {em0,em1}
> pass in on {em0,em1} proto {tcp,udp} from <TRUSTED>
> pass in on {em0,em1,lo0} proto tcp from any to any port {25,53,587}
> pass in on {em0,em1,lo0} proto udp from any to any port {53}
> pass in on {em0,em1} proto icmp from any to any
> pass out on {em0,em1} proto {icmp,tcp,udp} from any to any

can you make sure you have this?
http://svn.freebsd.org/changeset/base/181596

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.