From owner-freebsd-stable@FreeBSD.ORG  Thu Nov 13 12:27:38 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9A5FD106564A
	for <freebsd-stable@freebsd.org>; Thu, 13 Nov 2008 12:27:38 +0000 (UTC)
	(envelope-from jdc@koitsu.dyndns.org)
Received: from QMTA02.westchester.pa.mail.comcast.net
	(qmta02.westchester.pa.mail.comcast.net [76.96.62.24])
	by mx1.freebsd.org (Postfix) with ESMTP id 479F78FC13
	for <freebsd-stable@freebsd.org>; Thu, 13 Nov 2008 12:27:38 +0000 (UTC)
	(envelope-from jdc@koitsu.dyndns.org)
Received: from OMTA05.westchester.pa.mail.comcast.net ([76.96.62.43])
	by QMTA02.westchester.pa.mail.comcast.net with comcast
	id ecBp1a00d0vyq2s52cTLnW; Thu, 13 Nov 2008 12:27:20 +0000
Received: from koitsu.dyndns.org ([69.181.141.110])
	by OMTA05.westchester.pa.mail.comcast.net with comcast
	id ecTc1a00H2P6wsM3RcTdV4; Thu, 13 Nov 2008 12:27:37 +0000
X-Authority-Analysis: v=1.0 c=1 a=QycZ5dHgAAAA:8 a=i1lI_dfH-hToQv7r-lgA:9
	a=pT2htGUqf2bt5VPHu1UA:7 a=NGffDORKg-lX1Dma3BYG77uDYCkA:4
	a=EoioJ0NPDVgA:10 a=LY0hPdMaydYA:10
Received: by icarus.home.lan (Postfix, from userid 1000)
	id 653BC5C19; Thu, 13 Nov 2008 04:27:36 -0800 (PST)
Date: Thu, 13 Nov 2008 04:27:36 -0800
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: David Peall <david@esn.org.za>
Message-ID: <20081113122736.GA21273@icarus.home.lan>
References: <FFF7941F7B184445881228ABAD4494B34E73A7@intsika.ct.esn.org.za>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <FFF7941F7B184445881228ABAD4494B34E73A7@intsika.ct.esn.org.za>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: freebsd-stable@freebsd.org
Subject: Re: ipfw erratic on 7 stable
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Nov 2008 12:27:38 -0000

On Thu, Nov 13, 2008 at 01:24:10PM +0200, David Peall wrote:
> I'm having a problem with ipfw, I think.
> 
> For some reason it denies packets randomly for example:
> 
> PING 196.14.239.2 (196.14.239.2): 56 data bytes
> ping: sendto: Permission denied
> ping: sendto: Permission denied
> 64 bytes from 196.14.239.2: icmp_seq=2 ttl=63 time=0.258 ms
> 64 bytes from 196.14.239.2: icmp_seq=3 ttl=63 time=0.233 ms
> 64 bytes from 196.14.239.2: icmp_seq=4 ttl=63 time=0.211 ms
> 
> Not sure what else would be helpful at this point.
> 
> Running:
> FreeBSD 7.1-PRERELEASE #0: Fri Oct 31 09:44:07 UTC 2008     

In my experiences, "Permission denied" is returned if you have a rule
that blocks certain outbound packets; the OS tells the socket owner "no
can do".

There isn't enough information in the above report to help determine why
it happens randomly; what flags have you passed ping?  And please
provide your entire ipfw ruleset, something may stand out.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |