Date: Fri, 17 Oct 2008 10:25:09 -0300 From: Jose Amengual <jose.amengual@gmail.com> To: freebsd-current@freebsd.org Subject: PF 7.1 Preerelease problem. Message-ID: <879F32CC-CB75-4C6A-9A0D-0D971433B3F4@gmail.com>
next in thread | raw e-mail | index | archive | help
Ho guys. I install a Freebsd 7.1 as a firewall with pf, jails for mail etc. I was starting having problems with the mails in the defer spool with error messages like "time out" and I check the message log and I found this : TCP: [58.9.5.38]:48146 to [10.0.0.11]:25 tcpflags 0x14<RST,ACK>; syncache_chkrst: Spurious RST with ACK, SYN or FIN flag set, segment ignored TCP: [10.0.0.11]:10024 to [10.0.0.11]:65215 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [192.168.168.157]:60139 to [10.0.0.11]:110 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored TCP: [192.168.150.101]:1188 to [10.0.0.11]:110 tcpflags 0x2<SYN>; _syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK TCP: [10.0.0.11]:10024 to [10.0.0.11]:64412 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [10.0.0.11]:10024 to [10.0.0.11]:60048 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [10.0.0.11]:10024 to [10.0.0.11]:56838 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [65.54.244.72]:25 to [10.0.0.11]:54881 tcpflags 0x19<FIN,PUSH,ACK>; tcp_do_segment: FIN_WAIT_1: Received 71 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [10.0.0.11]:10024 to [10.0.0.11]:59431 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [10.0.0.11]:10024 to [10.0.0.11]:62617 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [221.192.149.119]:37691 to [200.27.171.194]:22; syncache_timer: Response timeout, retransmitting (1) SYN|ACK TCP: [192.168.168.157]:60143 to [10.0.0.11]:25 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored TCP: [195.245.230.131]:25 to [10.0.0.11]:54615 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_1: Received 39 bytes of data after socket was closed, sending RST and removing tcpcb Connection attempt to UDP 10.0.0.11:25969 from 192.168.168.1:53 TCP: [10.0.0.11]:10024 to [10.0.0.11]:65086 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [192.168.150.130]:2167 to [10.0.0.11]:25 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored Connection attempt to UDP 10.0.0.11:14486 from 200.27.2.7:53 TCP: [192.168.168.157]:60056 to [10.0.0.11]:110 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored TCP: [10.0.0.11]:10024 to [10.0.0.11]:62813 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [10.0.0.11]:10024 to [10.0.0.11]:57904 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [200.91.27.33]:25 to [10.0.0.11]:62292 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 17 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [81.75.251.139]:51325 to [10.0.0.11]:25 tcpflags 0x14<RST,ACK>; syncache_chkrst: Spurious RST with ACK, SYN or FIN flag set, segment ignored TCP: [10.0.0.11]:25 to [200.27.171.194]:60795 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port TCP: [200.27.171.194]:60795 to [10.0.0.11]:25 tcpflags 0x4<RST>; syncache_chkrst: Our SYN|ACK was rejected, connection attempt aborted by remote endpoint TCP: [10.0.0.11]:10024 to [10.0.0.11]:63130 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [10.0.0.11]:10024 to [10.0.0.11]:57051 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [192.168.150.130]:2171 to [10.0.0.11]:25 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored TCP: [221.192.149.119]:44046 to [200.27.171.194]:22; syncache_timer: Response timeout, retransmitting (1) SYN|ACK Connection attempt to UDP 10.0.0.11:46152 from 192.168.168.1:53 TCP: [10.0.0.11]:110 to [200.27.171.194]:52781 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port TCP: [200.27.171.194]:52781 to [10.0.0.11]:110 tcpflags 0x4<RST>; syncache_chkrst: Our SYN|ACK was rejected, connection attempt aborted by remote endpoint TCP: [10.0.0.11]:10024 to [10.0.0.11]:57348 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [192.168.168.157]:60061 to [10.0.0.11]:110 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored TCP: [221.192.149.119]:45265 to [200.27.171.194]:22; syncache_timer: Response timeout, retransmitting (1) SYN|ACK TCP: [221.192.149.119]:45951 to [200.27.171.194]:22; syncache_timer: Response timeout, retransmitting (1) SYN|ACK TCP: [10.0.0.11]:110 to [200.27.171.194]:53722 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port TCP: [200.27.171.194]:53722 to [10.0.0.11]:110 tcpflags 0x4<RST>; syncache_chkrst: Our SYN|ACK was rejected, connection attempt aborted by remote endpoint TCP: [10.0.0.11]:10024 to [10.0.0.11]:59020 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [118.136.197.127]:61865 to [10.0.0.11]:25 tcpflags 0x14<RST,ACK>; syncache_chkrst: Spurious RST with ACK, SYN or FIN flag set, segment ignored TCP: [10.0.0.11]:10024 to [10.0.0.11]:50065 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 64 bytes of data after socket was closed, sending RST and removing tcpcb TCP: [221.192.149.119]:46739 to [200.27.171.194]:22; syncache_timer: Response timeout, retransmitting (1) SYN|ACK TCP: [10.0.0.11]:110 to [200.27.171.194]:57522 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port TCP: [200.27.171.194]:57522 to [10.0.0.11]:110 tcpflags 0x4<RST>; syncache_chkrst: Our SYN|ACK was rejected, connection attempt aborted by remote endpoint TCP: [10.0.0.11]:110 to [200.27.171.194]:50027 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port TCP: [200.27.171.194]:50027 to [10.0.0.11]:110 tcpflags 0x4<RST>; syncache_chkrst: Our SYN|ACK was rejected, connection attempt aborted by remote endpoint TCP: [192.168.168.157]:60095 to [10.0.0.11]:110 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored TCP: [200.27.163.29]:42513 to [10.0.0.11]:25 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored The 10.0.0 are my jails and the rest is normal connections. What s this ? I'm using exactly the same setup in the same network with a 6.4 and no problem ( the same company, new server ). The problems is that my postfix jail is defferring mails because of the connection errors. Please advice. Thanks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?879F32CC-CB75-4C6A-9A0D-0D971433B3F4>