From: "Bjoern A. Zeeb"
Date: Fri, 22 Aug 2008 19:12:26 +0000 (UTC)
To: Mike Tancsa
Cc: freebsd-net@freebsd.org
Subject: Re: strange TCP issue on RELENG_7

On Fri, 22 Aug 2008, Mike Tancsa wrote:

> On one of our sendmail boxes that we are running RELENG_7, we have noticed an
> odd issue triggered or noticed by our monitoring system (bigbrother in this
> case). This seems to have been happening ever since we installed it, so it's
> not a recent commit issue.
>
> Every 5 min, one of our monitoring stations connects to the box on port 25
>
> The connection process is pretty simple. It connects and sends a QUIT and if
> that works, all is "ok".
>
> Here is a normal exchange
> ...
>
>
> But, perhaps twice a day, or once every 2 days, I will see an RST from the
> host being monitored for some reason?!
> It looks like
>
> ...
>
> I don't ever see this on RELENG_6, only on RELENG_7. It doesn't seem to be load
> related as I will see it at various times of the day both busy and quiet and
> sendmail is not complaining about too many connections which it will when
> there are.
>
> 192.168.1.2 is the monitoring host running bb and 192.168.1.9 is the smtp
> server being tested. I do have pf on the box, but pf isn't set to send RSTs
> and I think if there is a state mismatch, it will just drop the packet and
> not send the RST. I have tried with and without scrub but no obvious
> difference
>
> Rules are simple
>
>
> set skip on lo0
> scrub in all
>
> block in log on {em0,em1}
> pass in on {em0,em1} proto {tcp,udp} from
> pass in on {em0,em1,lo0} proto tcp from any to any port {25,53,587}
> pass in on {em0,em1,lo0} proto udp from any to any port {53}
> pass in on {em0,em1} proto icmp from any to any
> pass out on {em0,em1} proto {icmp,tcp,udp} from any to any

can you make sure you have this?
http://svn.freebsd.org/changeset/base/181596

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.