Date: Thu, 04 Aug 2005 19:26:55 +0100
From: Rod <rod@supanet.net.uk>
To: freebsd-pf@freebsd.org
Subject: Re: PF, SSH closed by remote host
Message-ID: <1123180015.24009.45.camel@torgau.office.netline.net.uk>
In-Reply-To: <20050804175303.GI11104@insomnia.benzedrine.cx>
References: <1123177703.24009.29.camel@torgau.office.netline.net.uk> <20050804175303.GI11104@insomnia.benzedrine.cx>

Thanks for that, here's the output. Currently looking down the path that
maybe it's ssh misbehaving.

pfctl -xm:

No ALTQ support in kernel
ALTQ related functions disabled
debug level set to 'misc'

pfctl -si:

No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 00:36:23           Debug: Misc

Hostid: 0xf7895b8a

State Table                          Total             Rate
  current entries                       13
  searches                           61585           28.2/s
  inserts                              322            0.1/s
  removals                             309            0.1/s
Counters
  match                                889            0.4/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s

ps -auwx ... disconnected ..

/var/log/messages :

Aug 4 20:10:09 host2 kernel: pf: BAD state: TCP 192.168.2.3:22 192.168.2.3:22 192.168.2.9:45297 [lo=4294559707 high=4294560735 win=33304 modulator=0] [lo=1818073202 high=1818106506 win=3140 modulator=0] 4:4 A seq=4294559707 ack=1818073202 len=1448 ackskew=0 pkts=72:121 dir=out,fwd
Aug 4 20:10:09 host2 kernel: pf: State failure on: 1 |
Aug 4 20:10:09 host2 sshd[94143]: fatal: Write failed: Operation not permitted

pfctl -si:

No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 00:43:20           Debug: Misc

Hostid: 0xf7895b8a

State Table                          Total             Rate
  current entries                        1
  searches                           62446           24.0/s
  inserts                              355            0.1/s
  removals                             354            0.1/s
Counters
  match                                951            0.4/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s

On Thu, 2005-08-04 at 18:53, Daniel Hartmeier wrote:
> On Thu, Aug 04, 2005 at 06:48:23PM +0100, Rod wrote:
>
> > Have tried lists, google and multiple different variations of the above
> > pf.conf but it's still happening. Any suggestions?
>
> Enable debug logging in pf (pfctl -xm), make sure all blocked packets
> are logged and pflogd is running. Print the current counters values
> (pfctl -si). Then reproduce the connection reset. Afterwards:
>
>   - check /var/log/messages for any messages from pf
>   - check pflog for any logged packets
>   - print the counters again (pfctl -si) and check if any of them
>     have increased
>
> It might be necessary to tcpdump one entire ssh connection (from
> establishment to the point where it's reset) to fully analyze the
> problem, but maybe the simpler steps above will already give a hint.
>
> Daniel
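
Added example (not part of the original message and not pf's own code): a small Python helper for the "print the counters again (pfctl -si) and check if any of them have increased" step, run over the two snapshots quoted in the message above. The names parse_counters and increased, and the BEFORE/AFTER strings, are constructed for illustration.

```python
import re

ROW = re.compile(r"^\s+(\S.*?)\s+(\d+)(?:\s+[\d.]+/s)?\s*$")  # name, total, optional rate

def parse_counters(text):
    """Return {(section, name): total} parsed from `pfctl -si` output."""
    out, section = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            out[section, m.group(1)] = int(m.group(2))
        elif line[:1].isalpha() and ":" not in line:
            section = re.split(r"\s{2,}", line)[0]  # "State Table", "Counters"
    return out

def increased(before, after):
    """Return {(section, name): delta} for each total that grew between snapshots."""
    b, a = parse_counters(before), parse_counters(after)
    return {k: v - b.get(k, 0) for k, v in a.items() if v > b.get(k, 0)}

# Constructed sample: counter rows of the two snapshots quoted in the message.
BEFORE = """\
State Table                          Total             Rate
  current entries                       13
  searches                           61585           28.2/s
  inserts                              322            0.1/s
  removals                             309            0.1/s
Counters
  match                                889            0.4/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
"""
AFTER = """\
State Table                          Total             Rate
  current entries                        1
  searches                           62446           24.0/s
  inserts                              355            0.1/s
  removals                             354            0.1/s
Counters
  match                                951            0.4/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
"""
if __name__ == "__main__": print(increased(BEFORE, AFTER))
```

For these two snapshots only searches, inserts, removals and match grew; the bad-offset, fragment, short, normalize and memory rows shown in the message stay at 0.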