Date: Thu, 10 Feb 2005 12:53:48 +0100
From: Emanuel Strobl <emanuel.strobl@gmx.net>
To: freebsd-stable@freebsd.org
Cc: stable@freebsd.org
Subject: Re: 5.3-Stable network issue
Message-ID: <200502101253.58985@harrymail>
In-Reply-To: <BE3174EB.18AC8%diskiller@diskiller.net>
References: <BE3174EB.18AC8%diskiller@diskiller.net>

On Thursday, 10 February 2005 11:00, Martin Minkus wrote:
> I seem to have been having a rather strange networking issue in FreeBSD
> 5.3-Stable (it started happening immediately after 5.2.1 and has persisted
> since.. I keep "hoping" that next time I cvsup it will be fixed, but no).
>
> I downgraded back to 5.2.1-p13 and it is perfectly fine once again.
>
>
> *** Some background information:
>
> My FreeBSD box is my home NAT router, server, firewall, etc. It does DHCP,
> MX for some of my domains, secondary DNS (I got primary elsewhere), apache
> for some webhosting, blah blah blah. Nothing really special. It is a Dual
> PIII-500, 512mb ram, and a couple ATA hdd's. Had 3 realtek network
> interfaces, but down to 2 now.
>
> *** The problem:
>
> Networking simply "stops" or "locks up". Why, I don't know. I believe
> initially it happened for all 3 network cards... I thought tcp/ip
> processing or something in the kernel got locked. It happens every 30
> minutes to an hour, and lasts about 60 seconds to 120 seconds.
> Unfortunately, 60 seconds to 120 seconds is long enough to kill messenger
> (my gf does not like), online gaming, etc etc.

Just a wild guess:
Try setting 'debug.mpsafenet=0' in /boot/loader.conf
I had similar problems with pf and RELENG_5
No solution though :(

-Harry

>
> Lately, I had taken one of the realtek cards out (it was for a several km
> long wireless link) and moved the server to my gf's place (where I am now
> 100% of the time). So now that I have the server locally and rely on it for
> my internet connection, this has become a real PAIN.
>
> I've noticed that I can remain ssh'd into diablo, do whatever I want while
> this "lock" issue occurs. So the lan interface rl0 is fine. The internet
> interface, rl1 (which goes to the cable modem) locks up.
> (btw, it's not the
> cable modem as I am using my gf's now, and it did this at my place on my
> cable modem too, which is a different brand. Nortel at my place, motorola
> at my gf's).
>
> *** Attempts:
>
> I've attempted switching out network cards, and placed 3 other realtek
> cards in. Different brands, all with different revisions (D instead of B,
> etc, etc).
>
> No matter what I try, nothing fixes it. The machine seems perfectly
> responsive, and I am still ssh'd in and can do whatever I want on it... But
> the network card going to the cable modem has stopped responding?!
>
> This never happened during 5.0-Current all throughout 5.2.1-STABLE, but
> anywhere beyond 5.2.1 it craps itself.
>
>
> *** Dmesg output:
>
> Copyright (c) 1992-2004 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> The Regents of the University of California. All rights reserved.
> FreeBSD 5.2.1-RELEASE-p13 #2: Thu Feb 10 18:39:33 CST 2005
> diskiller@diablo.diskiller.net:/junk/obj/junk/src/sys/DIABLO
> Preloaded elf kernel "/boot/kernel/kernel" at 0xc076c000.
> MPTable: <OEM00000 PROD00000000>
> Timecounter "i8254" frequency 1193182 Hz quality 0
> CPU: Pentium III/Pentium III Xeon/Celeron (504.72-MHz 686-class CPU)
> Origin = "GenuineIntel" Id = 0x673 Stepping = 3
> Features=0x387fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,PN,MMX,FXSR,SSE>
> real memory = 536870912 (512 MB)
> avail memory = 516034560 (492 MB)
> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
> cpu0 (BSP): APIC ID: 0
> cpu1 (AP): APIC ID: 1
> ioapic0: Assuming intbase of 0
> ioapic0 <Version 1.1> irqs 0-23 on motherboard
> Pentium Pro MTRR support enabled
> npx0: [FAST]
> npx0: <math processor> on motherboard
> npx0: INT 16 interface
> pcibios: BIOS version 2.10
> Using $PIR table, 7 entries at 0xc00fdcf0
> pcib0: <Intel 82443BX (440 BX) host to PCI bridge> at pcibus 0 on motherboard
> pci0: <PCI bus> on pcib0
> pci_cfgintr: 0:10 INTA BIOS irq 10
> pci_cfgintr: 0:12 INTA BIOS irq 11
> agp0: <Intel 82443BX (440 BX) host to PCI bridge> mem 0xd0000000-0xd3ffffff at device 0.0 on pci0
> pcib1: <PCI-PCI bridge> at device 1.0 on pci0
> pci1: <PCI bus> on pcib1
> isab0: <PCI-ISA bridge> at device 7.0 on pci0
> isa0: <ISA bus> on isab0
> atapci0: <Intel PIIX4 UDMA33 controller> port 0xf000-0xf00f at device 7.1 on pci0
> ata0: at 0x1f0 irq 14 on atapci0
> ata0: [MPSAFE]
> ata1: at 0x170 irq 15 on atapci0
> ata1: [MPSAFE]
> uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xe000-0xe01f at device 7.2 on pci0
> pci_cfgintr: 0:7 INTD routed to irq 11
> usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
> usb0: USB revision 1.0
> uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub0: 2 ports with 2 removable, self powered
> piix0: <PIIX Timecounter> port 0x5000-0x500f at device 7.3 on pci0
> Timecounter "PIIX" frequency 3579545 Hz quality 0
> pci0: <display, VGA> at device 8.0 (no driver attached)
> rl0: <RealTek 8139 10/100BaseTX> port 0xe400-0xe4ff mem 0xd7000000-0xd70000ff
> irq 10 at device 10.0 on pci0
> rl0: Ethernet address: 00:00:21:f2:a5:47
> miibus0: <MII bus> on rl0
> rlphy0: <RealTek internal media interface> on miibus0
> rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> rl1: <RealTek 8139 10/100BaseTX> port 0xe800-0xe8ff mem 0xd7001000-0xd70010ff irq 11 at device 12.0 on pci0
> rl1: Ethernet address: 00:40:f4:90:1c:4b
> miibus1: <MII bus> on rl1
> rlphy1: <RealTek internal media interface> on miibus1
> rlphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> orm0: <Option ROMs> at iomem 0xc8000-0xcbfff,0xc0000-0xc7fff on isa0
> pmtimer0 on isa0
> atkbdc0: <Keyboard controller (i8042)> at port 0x64,0x60 on isa0
> atkbd0: <AT Keyboard> irq 1 on atkbdc0
> kbd0 at atkbd0
> fdc0: ready for input in output
> fdc0: cmd 3 failed at out byte 1 of 3
> sc0: <System console> at flags 0x100 on isa0
> sc0: VGA <16 virtual consoles, flags=0x300>
> sio0: configured irq 4 not in bitmap of probed irqs 0
> sio0: port may not be enabled
> sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
> sio0: type 8250 or not responding
> sio1: configured irq 3 not in bitmap of probed irqs 0
> sio1: port may not be enabled
> vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
> unknown: <PNP0303> can't assign resources (port)
> unknown: <PNP0c02> can't assign resources (memory)
> unknown: <PNP0a03> can't assign resources (port)
> Timecounters tick every 10.000 msec
> ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to deny, logging unlimited
> GEOM: create disk ad0 dp=0xc4445260
> ad0: 19569MB <WDC WD205AA-00BAA0> [39761/16/63] at ata0-master UDMA33
> GEOM: create disk ad2 dp=0xc4445c60
> ad2: 76319MB <ST380021A> [155061/16/63] at ata1-master UDMA33
> acd0: CDRW <SONY CD-RW CRX140E> at ata1-slave PIO4
> SMP: AP CPU #1 Launched!
> Mounting root from ufs:/dev/ad0s1a
> pid 524 (my_print_defaults), uid 88: exited on signal 11
> pid 529 (my_print_defaults), uid 88: exited on signal 11
> pid 544 (mysqld), uid 88: exited on signal 11
> pid 700 (my_print_defaults), uid 1000: exited on signal 11 (core dumped)
> diablo:~>
>
> Dmesg output didn't look particularly different in 5.3-stable. The
> coredumps are due to the downgrade and being linked against newer libs from
> 5.3.
>
>
> *** Kernel configuration:
>
> diablo:/usr/src/sys/i386/conf> cat DIABLO
> #
> # GENERIC -- Generic kernel configuration file for FreeBSD/i386
> #
> # For more information on this file, please read the handbook section on
> # Kernel Configuration Files:
> #
> # http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
> #
> # The handbook is also available locally in /usr/share/doc/handbook
> # if you've installed the doc distribution, otherwise always see the
> # FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
> # latest information.
> #
> # An exhaustive list of options and more detailed explanations of the
> # device lines is also present in the ../../conf/NOTES and NOTES files.
> # If you are in doubt as to the purpose or necessity of a line, check first
> # in NOTES.
> #
> # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.413.2.8 2004/10/24 17:42:08 scottl Exp $
>
> machine i386
> #cpu I486_CPU
> cpu I586_CPU
> cpu I686_CPU
> ident DIABLO
>
> # To statically compile in device wiring instead of /boot/device.hints
> #hints "GENERIC.hints" # Default places to look for devices.
>
> options SCHED_4BSD # 4BSD scheduler
> options INET # InterNETworking
> #options INET6 # IPv6 communications protocols
> options FFS # Berkeley Fast Filesystem
> options SOFTUPDATES # Enable FFS soft updates support
> options UFS_ACL # Support for access control lists
> options UFS_DIRHASH # Improve performance on big directories
> #options MD_ROOT # MD is a potential root device
> options NFSCLIENT # Network Filesystem Client
> options NFSSERVER # Network Filesystem Server
> #options NFS_ROOT # NFS usable as /, requires NFSCLIENT
> options MSDOSFS # MSDOS Filesystem
> options CD9660 # ISO 9660 Filesystem
> options PROCFS # Process filesystem (requires PSEUDOFS)
> options PSEUDOFS # Pseudo-filesystem framework
> options GEOM_GPT # GUID Partition Tables.
> options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
> options COMPAT_FREEBSD4 # Compatible with FreeBSD4
> options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
> options KTRACE # ktrace(1) support
> options SYSVSHM # SYSV-style shared memory
> options SYSVMSG # SYSV-style message queues
> options SYSVSEM # SYSV-style semaphores
> options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
> options KBD_INSTALL_CDEV # install a CDEV entry in /dev
> options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
> # output. Adds ~128k to driver.
> options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
> # output. Adds ~215k to driver.
> #options ADAPTIVE_GIANT # Giant mutex is adaptive.
>
>
> # Firewall
> options IPFIREWALL # Firewall (ipfw)
> options IPFIREWALL_VERBOSE # Verbose errors
> #options IPFIREWALL_FORWARD # Transparent forwarding
> options IPDIVERT # For NATD
> #options DUMMYNET # Traffic Shaping!
>
> # IPsec
> #options IPSEC
> #options IPSEC_ESP
>
> # To make an SMP kernel, the next two are needed
> options SMP # Symmetric MultiProcessor Kernel
> device apic # I/O APIC
>
> # Bus support.
> # Do not remove isa, even if you have no isa slots
> device isa
> device eisa
> device pci
>
> # Floppy drives
> device fdc
>
> # ATA and ATAPI devices
> device ata
> device atadisk # ATA disk drives
> #device ataraid # ATA RAID drives
> device atapicd # ATAPI CDROM drives
> #device atapifd # ATAPI floppy drives
> #device atapist # ATAPI tape drives
> options ATA_STATIC_ID # Static device numbering
>
> # SCSI Controllers
> #device ahb # EISA AHA1742 family
> #device ahc # AHA2940 and onboard AIC7xxx devices
> #device ahd # AHA39320/29320 and onboard AIC79xx devices
> #device amd # AMD 53C974 (Tekram DC-390(T))
> #device isp # Qlogic family
> #device mpt # LSI-Logic MPT-Fusion
> #device ncr # NCR/Symbios Logic
> device sym # NCR/Symbios Logic (newer chipsets + those of `ncr')
> device trm # Tekram DC395U/UW/F DC315U adapters
>
> #device adv # Advansys SCSI adapters
> #device adw # Advansys wide SCSI adapters
> #device aha # Adaptec 154x SCSI adapters
> #device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
> #device bt # Buslogic/Mylex MultiMaster SCSI adapters
>
> #device ncv # NCR 53C500
> #device nsp # Workbit Ninja SCSI-3
> #device stg # TMC 18C30/18C50
>
> # SCSI peripherals
> device scbus # SCSI bus (required for SCSI)
> #device ch # SCSI media changers
> device da # Direct Access (disks)
> #device sa # Sequential Access (tape etc)
> #device cd # CD
> #device pass # Passthrough device (direct SCSI access)
> #device ses # SCSI Environmental Services (and SAF-TE)
>
> # RAID controllers interfaced to the SCSI subsystem
> #device amr # AMI MegaRAID
> #device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
> #device ciss # Compaq Smart RAID 5*
> #device dpt # DPT Smartcache III, IV - See NOTES for options
> #device hptmv # Highpoint RocketRAID 182x
> #device iir # Intel Integrated RAID
> #device ips # IBM (Adaptec) ServeRAID
> #device mly # Mylex AcceleRAID/eXtremeRAID
> #device twa # 3ware 9000 series PATA/SATA RAID
>
> # RAID controllers
> #device aac # Adaptec FSA RAID
> #device aacp # SCSI passthrough for aac (requires CAM)
> #device ida # Compaq Smart RAID
> #device mlx # Mylex DAC960 family
> #device pst # Promise Supertrak SX6000
> #device twe # 3ware ATA RAID
>
> # atkbdc0 controls both the keyboard and the PS/2 mouse
> device atkbdc # AT keyboard controller
> device atkbd # AT keyboard
> device psm # PS/2 mouse
>
> device vga # VGA video card driver
>
> device splash # Splash screen and screen saver support
>
> # syscons is the default console driver, resembling an SCO console
> device sc
>
> # Enable this for the pcvt (VT220 compatible) console driver
> #device vt
> #options XSERVER # support for X server on a vt console
> #options FAT_CURSOR # start with block cursor
>
> device agp # support several AGP chipsets
>
> # Floating point support - do not disable.
> device npx
>
> # Power management support (see NOTES for more options)
> #device apm
> # Add suspend/resume support for the i8254.
> device pmtimer
>
> # PCCARD (PCMCIA) support
> # PCMCIA and cardbus bridge support
> #device cbb # cardbus (yenta) bridge
> #device pccard # PC Card (16-bit) bus
> #device cardbus # CardBus (32-bit) bus
>
> # Serial (COM) ports
> device sio # 8250, 16[45]50 based serial ports
>
> # Parallel port
> #device ppc
> #device ppbus # Parallel port bus (required)
> #device lpt # Printer
> #device plip # TCP/IP over parallel
> #device ppi # Parallel port interface device
> #device vpo # Requires scbus and da
>
> # If you've got a "dumb" serial or parallel PCI card that is
> # supported by the puc(4) glue driver, uncomment the following
> # line to enable it (connects to the sio and/or ppc drivers):
> #device puc
>
> # PCI Ethernet NICs.
> #device de # DEC/Intel DC21x4x (``Tulip'')
> #device em # Intel PRO/1000 adapter Gigabit Ethernet Card
> #device ixgb # Intel PRO/10GbE Ethernet Card
> #device txp # 3Com 3cR990 (``Typhoon'')
> #device vx # 3Com 3c590, 3c595 (``Vortex'')
>
> # PCI Ethernet NICs that use the common MII bus controller code.
> # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
> device miibus # MII bus support
> #device bfe # Broadcom BCM440x 10/100 Ethernet
> #device bge # Broadcom BCM570xx Gigabit Ethernet
> #device dc # DEC/Intel 21143 and various workalikes
> #device fxp # Intel EtherExpress PRO/100B (82557, 82558)
> #device lge # Level 1 LXT1001 gigabit ethernet
> #device nge # NatSemi DP83820 gigabit ethernet
> #device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
> #device re # RealTek 8139C+/8169/8169S/8110S
> device rl # RealTek 8129/8139
> #device sf # Adaptec AIC-6915 (``Starfire'')
> #device sis # Silicon Integrated Systems SiS 900/SiS 7016
> #device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
> #device ste # Sundance ST201 (D-Link DFE-550TX)
> #device ti # Alteon Networks Tigon I/II gigabit Ethernet
> #device tl # Texas Instruments ThunderLAN
> #device tx # SMC EtherPower II (83c170 ``EPIC'')
> #device vge # VIA VT612x gigabit ethernet
> #device vr # VIA Rhine, Rhine II
> #device wb # Winbond W89C840F
> #device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
>
> # ISA Ethernet NICs. pccard NICs included.
> #device cs # Crystal Semiconductor CS89x0 NIC
> # 'device ed' requires 'device miibus'
> #device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
> #device ex # Intel EtherExpress Pro/10 and Pro/10+
> #device ep # Etherlink III based cards
> #device fe # Fujitsu MB8696x based cards
> #device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
> #device lnc # NE2100, NE32-VL Lance Ethernet cards
> #device sn # SMC's 9000 series of Ethernet chips
> #device xe # Xircom pccard Ethernet
>
> # ISA devices that use the old ISA shims
> #device le
>
> # Wireless NIC cards
> #device wlan # 802.11 support
> #device an # Aironet 4500/4800 802.11 wireless NICs.
> #device awi # BayStack 660 and others
> #device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
> #device wl # Older non 802.11 Wavelan wireless NIC.
>
> # Pseudo devices.
> device loop # Network loopback
> #device mem # Memory and kernel memory devices
> #device io # I/O device
> device random # Entropy device
> device ether # Ethernet support
> #device sl # Kernel SLIP
> #device ppp # Kernel PPP
> device tun # Packet tunnel.
> device pty # Pseudo-ttys (telnet etc)
> device md # Memory "disks"
> device gif # IPv6 and IPv4 tunneling
> #device faith # IPv6-to-IPv4 relaying (translation)
>
> # The `bpf' device enables the Berkeley Packet Filter.
> # Be aware of the administrative consequences of enabling this!
> device bpf # Berkeley packet filter
>
> # USB support
> device uhci # UHCI PCI->USB interface
> device ohci # OHCI PCI->USB interface
> device usb # USB Bus (required)
> #device udbp # USB Double Bulk Pipe devices
> device ugen # Generic
> device uhid # "Human Interface Devices"
> device ukbd # Keyboard
> device ulpt # Printer
> device umass # Disks/Mass storage - Requires scbus and da
> device ums # Mouse
> #device urio # Diamond Rio 500 MP3 player
> #device uscanner # Scanners
> # USB Ethernet, requires mii
> #device aue # ADMtek USB Ethernet
> #device axe # ASIX Electronics USB Ethernet
> #device cue # CATC USB Ethernet
> #device kue # Kawasaki LSI USB Ethernet
> #device rue # RealTek RTL8150 USB Ethernet
>
> # FireWire support
> #device firewire # FireWire bus code
> #device sbp # SCSI over FireWire (Requires scbus and da)
> #device fwe # Ethernet over FireWire (non-standard!)
> diablo:/usr/src/sys/i386/conf>
>
>
> I simply commented out the lines that failed in 5.2 since they were for 5.3
> (ie, device io, device mem, and options ADAPTIVE_GIANT)
>
>
> *** Interfaces:
>
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=8<VLAN_MTU>
> inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
> ether 00:00:21:f2:a5:47
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=8<VLAN_MTU>
> inet 144.136.223.204 netmask 0xfffffc00 broadcast 255.255.255.255
> ether 00:40:f4:90:1c:4b
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> inet 127.0.0.1 netmask 0xff000000
>
>
> *** Firewall:
>
> diablo:/home/diskiller# more /etc/firewall.diablo
> ########################################################################
> ### FIREWALL ###########################################################
> ########################################################################
>
> # external if = rl1
> # internal if = rl0
> # internal net = 10.0.0.0/24
>
> # EVIL SHIT
> add deny log tcp from any to any 137,138,139 via rl1
> add deny log udp from any to any 137,138,139 via rl1
>
> # Allow your loop back to work
> add allow all from any to any via lo0
>
> # DHCP
> add allow udp from any to any 67,68
>
> # Prevent spoofing of your loopback
> add deny log all from any to 127.0.0.0/8
> add deny log all from 127.0.0.0/8 to any
>
> # Stop spoofing of your internal network range
> add deny log ip from 10.0.0.0/24 to any in via rl1
>
> # Stop spoofing from inside your private ip range
> add deny log ip from not 10.0.0.0/24 to any in via rl0
>
> # Something from the bigpond network, and NEEDS to be here before below
> # rules block it. Its a heartbeat, among other things? *confusing*
> add allow ip from 10.64.28.1 to any in via rl1
>
> # Stop private networks (RFC1918) from entering the outside interface.
> add deny log ip from 192.168.0.0/16 to any in via rl1
> add deny log ip from 172.16.0.0/12 to any in via rl1
> add deny log ip from 10.0.0.0/8 to any in via rl1
> add deny log ip from any to 192.168.0.0/16 in via rl1
> add deny log ip from any to 172.16.0.0/12 in via rl1
> add deny log ip from any to 10.0.0.0/8 in via rl1
>
> # NATD
> add divert natd all from any to any via rl1
>
> # UDP
> add allow udp from any to any
>
> # Allow IPsec connections flow freely
> #add allow esp from any to any
>
> # Allow VPN data to flow free via rl2 (where my VPN to matt is over wireless)
> #add allow ipencap from any to any via rl2
>
> # Allow existing tcp connections open from inside my lan to keep working
> add allow tcp from any to any established
>
> # Allow internal lan machines to open connections to the gw/Internet
> add allow tcp from 10.0.0.0/24 to any setup # my lan
> #add allow tcp from 10.0.2.0/24 to any setup # wireless lan (+ homer)
> #add allow tcp from 10.0.4.0/24 to any setup # matt's lan
>
> # Allow gw to open connections to the Internet (tcp/udp/etc)
> add allow ip from 144.136.0.0/16 to any setup out via rl1
>
> # Allow some ICMP's
> add allow icmp from any to any icmptypes 3,4,11,12,8,0
>
> # Diablo services - Incoming connections allowed
> add allow tcp from any to any 21 in via rl1 setup
> add allow tcp from any to any 22 in via rl1 setup
> add allow tcp from any to any 25 in via rl1 setup
> add allow tcp from any to any 53 in via rl1 setup
> add allow tcp from any to any 80 in via rl1 setup
> #add allow tcp from any to any 110 in via rl1 setup
> #add allow tcp from any to any 143 in via rl1 setup
> add allow tcp from any to any 993 in via rl1 setup
> add allow tcp from any to any 995 in via rl1 setup
> #add allow tcp from any to any 3389 in via rl1 setup # RD
> #add allow tcp from any to any 6667 in via rl1 setup # IRC server
> #add allow tcp from 144.136.0.0/16 to any 5901 in via rl1 setup # VNC on diablo
> #add allow tcp from 203.194.94.0/24 to any 5901 in via rl1 setup # VNC on diablo
> #add allow tcp from any to any 6881 # Bit Torrent
> #add allow tcp from any to any 6882 # Bit Torrent
> #add allow tcp from any to any 6883 # Bit Torrent
> #add allow tcp from any to any 6884 # Bit Torrent
> #add allow tcp from any to any 6112 # SC/BW
>
> # UT2003/UT2004
> add allow tcp from any to any 7777 in via rl1 setup
> add allow tcp from any to any 7778 in via rl1 setup
> add allow tcp from any to any 7787 in via rl1 setup
> add allow tcp from any to any 7788 in via rl1 setup
>
> # Politely and quickly rejects AUTH requests (IRC!! #*()@$@#$)
> add reset tcp from any to any 113 in via rl1
>
> # Make the default 'deny' rule log too.
> add 65500 deny log ip from any to any
> diablo:/home/diskiller#
>
>
>
> I really hope someone can figure this one out...
>
> Thanks,
> Martin.
>
> --
> diskiller@diskiller.net | www.diskiller.net | irc.diskiller.net
>
> (No trees were destroyed in the sending of this message. However, a
> large number of electrons were significantly inconvenienced.)
>
>
>
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"