From owner-freebsd-stable Wed May 31 18:10:24 2000 Delivered-To: freebsd-stable@freebsd.org Received: from piglet.dstc.edu.au (piglet.dstc.edu.au [130.102.176.1]) by hub.freebsd.org (Postfix) with ESMTP id 02AC637B7F2 for ; Wed, 31 May 2000 18:10:20 -0700 (PDT) (envelope-from ggm@dstc.edu.au) Received: from asuncion.dstc.edu.au (asuncion.dstc.edu.au [130.102.176.155]) by piglet.dstc.edu.au (8.10.1/8.10.1) with ESMTP id e511AAo11983 for ; Thu, 1 Jun 2000 11:10:10 +1000 (EST) Received: (from ggm@localhost) by asuncion.dstc.edu.au (8.9.3+Sun/8.8.8) id LAA04298 for freebsd-stable@freebsd.org; Thu, 1 Jun 2000 11:10:16 +1000 (EST) Date: Thu, 1 Jun 2000 11:10:16 +1000 (EST) From: George Michaelson Message-Id: <200006010110.LAA04298@asuncion.dstc.edu.au> To: freebsd-stable@freebsd.org Subject: 'stalls' from ipfw-stateful box on network connects Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I am testing a FreeBSD-4.0 stable machine as a firewall, and have a reasonably complex ipfw ruleset that probably does invoke some stateful rules. ssh and telnet sessions to this box appear to go into a stalled state, where there is a 30sec pause before they re-awake and respond to user input. pinging the interface can wake them up again, which is why I suspect its something in the ipfw engine. now clearly, for a box which is shuffling bits frequently this wouldn't be a problem because there'd be enough through-traffic to keep things ticking over. am I mis-diagnosing things? is this also visible as a side-effect of apm or other stuff? what else apart from ipfw/state can make connects to a box hang if idle for more than a few minutes? cheers -George To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message