Date: Sun, 11 Feb 2007 08:36:03 +1100 From: Peter Jeremy <peterjeremy@optushome.com.au> To: stable@freebsd.org Subject: Random "Network is unreachable" on 6.2-RELEASE Message-ID: <20070210213603.GU834@turion.vk2pj.dyndns.org>
next in thread | raw e-mail | index | archive | help
--aZoGpuMECXJckB41 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I've recently upgraded my firewall from 5.4 to 6.2-RELEASE and am now getting random "Network is unreachable" messages on connections to the firewall from my internal network. Some checking suggests it also affects connections from and through my firewall as well. I have had about 6 attempts at copying a 600MB data file to the firewall and they generally drop out after 100-200MB - though not at the same place. It looks very much like pattern sensitivity. The firewall rules have not changed and look as below. fxp0 is internet and fxp1 is internal. Has anyone else seen anything like this? fwall# ifconfig -a fxp0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=3D8<VLAN_MTU> inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.255 ether 00:d0:b7:91:d7:e4 media: Ethernet autoselect (100baseTX <full-duplex>) status: active fxp1: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=3D8<VLAN_MTU> inet 10.11.12.1 netmask 0xffffff00 broadcast 10.11.12.255 ether 00:d0:b7:b2:51:15 media: Ethernet autoselect (100baseTX <full-duplex>) status: active lo0: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet 127.0.0.1 netmask 0xff000000=20 fwall# ipfw list 00010 allow ip from any to any 65535 deny ip from any to any fwall# ipfstat -io block out all pass out quick on lo0 all block out quick on fxp1 all head 20 pass out quick on fxp1 proto udp from 10.11.12.1/32 to 10.11.12.0/24 port = =3D ntp group 20 pass out quick on fxp1 proto tcp from 10.11.12.1/32 to 10.11.12.0/24 port = =3D ssh flags S/FSRPAU keep state group 20 pass out quick on fxp1 proto tcp from 10.11.12.1/32 to 10.11.12.0/24 port = =3D smtp flags S/FSRPAU keep state group 20 block out log quick all group 20 block out quick on fxp0 all head 21 =2E.. block out log quick all group 21 block out log all block in all pass in quick on lo0 all block in quick on fxp1 all head 10 pass in quick on fxp1 proto tcp from any to any flags S/FSRPAU keep state k= eep frags group 10 pass in quick on fxp1 proto udp from any to any keep state keep frags group= 10 pass in quick on fxp1 proto icmp from any to any keep state keep frags grou= p 10 block in log quick all group 10 block in quick on fxp0 all head 11 =2E.. block in log quick all group 11 block in log all fwall#=20 --=20 Peter Jeremy --aZoGpuMECXJckB41 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFzjrD/opHv/APuIcRAtLrAJ4tZumWTKeHQX/5dUXkNgvwCbrf4wCgjVau 0AownO11XVX4NO/Z8L+aL9Y= =R183 -----END PGP SIGNATURE----- --aZoGpuMECXJckB41--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070210213603.GU834>