From owner-freebsd-stable Thu Jun 1 6:18:41 2000
Date: Thu, 1 Jun 2000 08:26:17 +0200
From: Gerhard Sittig
To: freebsd-stable@freebsd.org
Subject: Re: 'stalls' from ipfw-stateful box on network connects
Message-ID: <20000601082617.F2305@speedy.gsinet>
References: <200006010110.LAA04298@asuncion.dstc.edu.au>
In-Reply-To: <200006010110.LAA04298@asuncion.dstc.edu.au>; from ggm@dstc.edu.au on Thu, Jun 01, 2000 at 11:10:16AM +1000
Organization: System Defenestrators Inc.

On Thu, Jun 01, 2000 at 11:10 +1000, George Michaelson wrote:
>
> I am testing a FreeBSD-4.0 stable machine as a firewall, and
> have a reasonably complex ipfw ruleset that probably does
> invoke some stateful rules.
>
> ssh and telnet sessions to this box appear to go into a stalled
> state, where there is a 30sec pause before they re-awake and
> respond to user input.

Maybe you want to read the ipfilter HowTo (to be found at
http://www.obfuscation.org/ipf/) which contains a lot of general
firewall stuff, too. From what you say below this sounds very
similar to an effect described therein.

> pinging the interface can wake them up again, which is why I
> suspect it's something in the ipfw engine.
>
> now clearly, for a box which is shuffling bits frequently this
> wouldn't be a problem because there'd be enough through-traffic
> to keep things ticking over.
>
> am I mis-diagnosing things? is this also visible as a
> side-effect of apm or other stuff?

It could just be simple(?) "misconfiguration".

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.