Date: Thu, 1 Jun 2000 08:26:17 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: freebsd-stable@freebsd.org Subject: Re: 'stalls' from ipfw-stateful box on network connects Message-ID: <20000601082617.F2305@speedy.gsinet> In-Reply-To: <200006010110.LAA04298@asuncion.dstc.edu.au>; from ggm@dstc.edu.au on Thu, Jun 01, 2000 at 11:10:16AM %2B1000 References: <200006010110.LAA04298@asuncion.dstc.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 01, 2000 at 11:10 +1000, George Michaelson wrote: > > I am testing a FreeBSD-4.0 stable machine as a firewall, and > have a reasonably complex ipfw ruleset that probably does > invoke some stateful rules. > > ssh and telnet sessions to this box appear to go into a stalled > state, where there is a 30sec pause before they re-awake and > respond to user input. Maybe you want to read the ipfilter HowTo (to be found at http://www.obfuscation.org/ipf/) which contains a lot of general firewall stuff, too. From what you say below this sounds very similar to an effect described therein. > pinging the interface can wake them up again, which is why I > suspect its something in the ipfw engine. > > now clearly, for a box which is shuffling bits frequently this > wouldn't be a problem because there'd be enough through-traffic > to keep things ticking over. > > am I mis-diagnosing things? is this also visible as a > side-effect of apm or other stuff? It could just be simple(?) "misconfiguration". virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000601082617.F2305>