Date:      Sun, 11 Feb 2007 08:36:03 +1100
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        stable@freebsd.org
Subject:   Random "Network is unreachable" on 6.2-RELEASE
Message-ID:  <20070210213603.GU834@turion.vk2pj.dyndns.org>

I've recently upgraded my firewall from 5.4 to 6.2-RELEASE and am now
getting random "Network is unreachable" messages on connections to the
firewall from my internal network.  Some checking suggests it also
affects connections from and through my firewall as well.

I have had about 6 attempts at copying a 600MB data file to the
firewall and they generally drop out after 100-200MB - though not at
the same place.  It looks very much like pattern sensitivity.

The firewall rules have not changed and look as below.  fxp0 is
internet and fxp1 is internal.

Has anyone else seen anything like this?

fwall# ifconfig -a
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.255
        ether 00:d0:b7:91:d7:e4
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 10.11.12.1 netmask 0xffffff00 broadcast 10.11.12.255
        ether 00:d0:b7:b2:51:15
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
fwall# ipfw list
00010 allow ip from any to any
65535 deny ip from any to any
fwall# ipfstat -io
block out all
pass out quick on lo0 all
block out quick on fxp1 all head 20
pass out quick on fxp1 proto udp from 10.11.12.1/32 to 10.11.12.0/24 port = ntp group 20
pass out quick on fxp1 proto tcp from 10.11.12.1/32 to 10.11.12.0/24 port = ssh flags S/FSRPAU keep state group 20
pass out quick on fxp1 proto tcp from 10.11.12.1/32 to 10.11.12.0/24 port = smtp flags S/FSRPAU keep state group 20
block out log quick all group 20
block out quick on fxp0 all head 21
...
block out log quick all group 21
block out log all
block in all
pass in quick on lo0 all
block in quick on fxp1 all head 10
pass in quick on fxp1 proto tcp from any to any flags S/FSRPAU keep state keep frags group 10
pass in quick on fxp1 proto udp from any to any keep state keep frags group 10
pass in quick on fxp1 proto icmp from any to any keep state keep frags group 10
block in log quick all group 10
block in quick on fxp0 all head 11
...
block in log quick all group 11
block in log all
fwall#

-- 
Peter Jeremy
