From owner-freebsd-current  Thu Aug  1  1:23: 1 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DFA4237B400
	for <current@freebsd.org>; Thu,  1 Aug 2002 01:22:57 -0700 (PDT)
Received: from iguana.icir.org (iguana.icir.org [192.150.187.36])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 306FF43E81
	for <current@freebsd.org>; Thu,  1 Aug 2002 01:22:57 -0700 (PDT)
	(envelope-from rizzo@iguana.icir.org)
Received: (from rizzo@localhost)
	by iguana.icir.org (8.11.6/8.11.3) id g718Mf673140;
	Thu, 1 Aug 2002 01:22:41 -0700 (PDT)
	(envelope-from rizzo)
Date: Thu, 1 Aug 2002 01:22:41 -0700
From: Luigi Rizzo <luigi@freebsd.org>
To: "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc: current@freebsd.org
Subject: Re: IPFW2 may cause incoming connections to hang
Message-ID: <20020801012241.A72759@iguana.icir.org>
References: <20020801081103.GA1779@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020801081103.GA1779@nagual.pp.ru>; from ache@nagual.pp.ru on Thu, Aug 01, 2002 at 12:11:05PM +0400
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Thu, Aug 01, 2002 at 12:11:05PM +0400, Andrey A. Chernov wrote:
> I notice reproductible effect on my recent -current remote machine, after
> 5-7 hours of normal work, I can't connect to this machine via
> ssh,telnet,pop3 or ftp, but smtp and http continue to work normally.
> 
> When I turn ipfw2 off, this effect is gone. It was never happened for old
> ipfw with the same settings.
> 
> I have simple "open" firewall type with one "deny" rule for specific tcp
> port. Since this is remote machine, I can't login and see what actually
> happens during this effect. I also notice that if current connection stays
> across beginning of effect, it continue to work, but new ones hangs.

could you send me your exact ruleset ? Also, does this happen
at specific times (e.g. after some cron task) or not ?

	cheers
	luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message