From owner-freebsd-stable Fri Jul 13 0:46:48 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from mailx.info.com.ph (mailx.info.com.ph [203.172.11.23])
    by hub.freebsd.org (Postfix) with ESMTP id 47D9237B405
    for ; Fri, 13 Jul 2001 00:46:37 -0700 (PDT)
    (envelope-from nitronarc@foresightone.com)
Received: from it_manager.foresightone.com ([202.163.219.61])
    by mailx.info.com.ph (8.11.2/8.11.2) with ESMTP id f6D7eAM15302
    for ; Fri, 13 Jul 2001 15:40:11 +0800 (HKT)
Message-Id: <5.1.0.14.2.20010713154530.01e93ec0@pop.info.com.ph>
X-Sender: f1si@pop.info.com.ph (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 13 Jul 2001 15:46:23 +0800
To: freebsd-stable@freebsd.org
From: "Ramoncito P. Puyat"
Subject: can't see tcp4 in netstat -an
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Hi!

This evening I discovered something peculiar about the netstat -an of our gateway machine. We noticed that all of the tcp4 entries in the active ports list are missing. Does anybody have any idea about this? What can we do about it?

The tcp services are still active; however, it takes a much longer time to establish a connection. These are just basic functions such as smtp, pop and ssh. Can anybody help me out?

I included the outputs of the netstat, ipf.rules, ipnat.rules, kernel config file, dmesg and rc.conf for your evaluation.

TIA

Ramon

P.S. We are using a P-200MMX, 64MB machine with 4.3-RC installed.

%netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  127.0.0.1.123          *.*
udp4       0      0  192.168.0.1.123        *.*
udp4       0      0  xxx.xxx.xxx.xxx.123    *.*
udp4       0      0  *.123                  *.*
udp4       0      0  *.68                   *.*
udp4       0      0  *.*                    *.*
Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
c61aff40 dgram       0      0        0 c61affc0        0 c61afec0
c61afec0 dgram       0      0        0 c61affc0        0 c61aff00
c61aff00 dgram       0      0        0 c61affc0        0 c61aff80
c61aff80 dgram       0      0        0 c61affc0        0        0
c61affc0 dgram       0      0 c61a9240        0 c61aff40        0 /var/run/log

%cat /etc/ipf.rules
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on ed1 all
pass out quick on ed1 all
pass out quick on ed0 proto tcp from any to any keep state
pass out quick on ed0 proto udp from any to any keep state
pass out quick on ed0 proto icmp from any to any keep state
block out quick on ed0 all
pass in quick on ed0 proto udp from xxx.xxx.xxx.xxx to any port = 68 keep state
pass in log quick on ed0 proto tcp from any to any port = 22 keep state
pass in quick on ed0 proto tcp from any to any port = 25 keep state
pass in log quick on ed0 proto tcp from any to any port = 110 keep state
pass in log quick on ed0 proto tcp from any to any port = 80
pass in log quick on ed0 proto tcp from any to any port = 10000
block return-rst in log quick on ed0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any to any
block in log quick on ed0 all

%cat /etc/ipnat.rules
map ed0 192.168.0.0/24 -> 0/32

%cat /sys/i386/conf/GATEWAY
machine         i386
cpu             I586_CPU
ident           GATEWAY
maxusers        32

options         INET                    #InterNETworking
options         FFS                     #Berkeley Fast Filesystem
options         FFS_ROOT                #FFS usable as root device [keep this!]
options         SOFTUPDATES             #Enable FFS soft updates support
options         MFS                     #Memory Filesystem
options         MSDOSFS                 #MSDOS Filesystem
options         CD9660                  #ISO 9660 Filesystem
options         PROCFS                  #Process filesystem
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
options         SCSI_DELAY=15000        #Delay (in ms) before probing SCSI
options         UCONSOLE                #Allow users to grab the console
options         USERCONFIG              #boot -c editor
options         VISUAL_USERCONFIG       #visual boot -c editor
options         KTRACE                  #ktrace(1) support
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores
options         P1003_1B                #Posix P1003_1B real-time extensions
options         _KPOSIX_PRIORITY_SCHEDULING
options         IPFILTER
options         IPFILTER_LOG
options         IPFILTER_DEFAULT_BLOCK
options         TCP_DROP_SYNFIN
options         TCP_RESTRICT_RST
options         ICMP_BANDLIM            #Rate limit bad replies
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev

device          isa
device          eisa
device          pci

# Floppy drives
device          fdc0    at isa? port IO_FD1 irq 6 drq 2
device          fd0     at fdc0 drive 0

# ATA and ATAPI devices
device          ata0    at isa? port IO_WD1 irq 14
device          ata1    at isa? port IO_WD2 irq 15
device          ata
device          atadisk                 # ATA disk drives
device          atapicd                 # ATAPI CDROM drives
options         ATA_STATIC_ID           #Static device numbering

# atkbdc0 controls both the keyboard and the PS/2 mouse
device          atkbdc0 at isa? port IO_KBD
device          atkbd0  at atkbdc? irq 1 flags 0x1

device          vga0    at isa?
options         VESA

# splash screen/screen saver
pseudo-device   splash

# syscons is the default console driver, resembling an SCO console
device          sc0     at isa? flags 0x100

# Floating point support - do not disable.
device          npx0    at nexus? port IO_NPX irq 13

# Serial (COM) ports
device          sio0    at isa? port IO_COM1 flags 0x10 irq 4
device          sio1    at isa? port IO_COM2 irq 3
device          sio2    at isa? disable port IO_COM3 irq 5
device          sio3    at isa? disable port IO_COM4 irq 9

# Parallel port
device          ppc0    at isa? irq 7
device          ppbus                   # Parallel port bus (required)
device          lpt                     # Printer

# ISA Ethernet NICs.
device          ed0     at isa? port 0x280 irq 10 iomem 0xd8000

# Pseudo devices - the number indicates how many units to allocate.
pseudo-device   loop                    # Network loopback
pseudo-device   ether                   # Ethernet support
pseudo-device   sl      2               # Kernel SLIP
pseudo-device   ppp     2               # Kernel PPP
pseudo-device   tun     2               # Packet tunnel.
pseudo-device   pty                     # Pseudo-ttys (telnet etc)
pseudo-device   md                      # Memory "disks"

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device   bpf     4               #Berkeley packet filter

%dmesg
Copyright (c) 1992-2001 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
FreeBSD 4.3-RC #0: Sun Apr 15 17:34:37 PHT 2001
    xxxxxxxxx@gateway.xxxxxx.com:/usr/src/sys/compile/GATEWAY
Timecounter "i8254" frequency 1193182 Hz
Timecounter "TSC" frequency 166395480 Hz
CPU: Pentium/P54C (166.40-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x52c  Stepping = 12
  Features=0x1bf
real memory  = 67108864 (65536K bytes)
avail memory = 62693376 (61224K bytes)
Intel Pentium detected, installing workaround for F00F bug
VESA: v1.2, 1024k memory, flags:0x0, mode table:0xc00c4c13 (c0004c13)
VESA: S3 Incorporated. Trio64V+
md0: Malloc disk
npx0: on motherboard
npx0: INT 16 interface
pcib0: on motherboard
pci0: on pcib0
isab0: at device 7.0 on pci0
isa0: on isab0
atapci0: port 0xf000-0xf00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
ed0: port 0x6100-0x611f irq 11 at device 17.0 on pci0
ed0: address 00:c0:26:9d:03:b1, type NE2000 (16 bit)
ed1: port 0x6200-0x621f irq 10 at device 18.0 on pci0
ed1: address 00:00:1c:3a:00:00, type NE2000 (16 bit)
pci0: at 19.0 irq 9
fdc0: at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: at port 0x60,0x64 on isa0
atkbd0: flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
lpt0: on ppbus0
lpt0: Interrupt-driven port
IP Filter: v3.4.16 initialized. Default = block all, Logging = enabled
ad0: 1625MB [3303/16/63] at ata0-master WDMA2
acd0: CDROM at ata0-slave using PIO3
Mounting root from ufs:ad0s1a
swapon: adding /dev/ad0s1b as swap device
Automatic boot in progress...
/dev/ad0s1a: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1a: clean, 17645 free (45 frags, 2200 blocks, 0.1% fragmentation)
/dev/ad0s1e: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1e: clean, 4337 free (9 frags, 541 blocks, 0.2% fragmentation)
/dev/ad0s1g: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1g: clean, 279066 free (138 frags, 34866 blocks, 0.0% fragmentation)
/dev/ad0s1h: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1h: clean, 99182 free (14 frags, 12396 blocks, 0.0% fragmentation)
/dev/ad0s1d: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1d: clean, 40270 free (30 frags, 5030 blocks, 0.0% fragmentation)
/dev/ad0s1f: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1f: clean, 261223 free (591 frags, 32579 blocks, 0.1% fragmentation)
Doing initial network setup: hostname ipfilter IP Filter: already initialized
IP FIlter: already initialized
ipnat 0 entries flushed from NAT table
0 entries flushed from NAT list
..
dhclient: New IP Address(ed0): xxx.xxx.xxx.xxx
dhclient: New Subnet Mask (ed0): 255.255.255.0
dhclient: New Broadcast Address(ed0): xxx.xxx.xxx.255
dhclient: New Routers: xxx.xxx.xxx.xxx
ed0: flags=8843 mtu 1500
    inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.255
    ether 00:c0:26:9d:03:b1
ed1: flags=8843 mtu 1500
    inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
    ether 00:00:1c:3a:00:00
lo0: flags=8049 mtu 16384
    inet 127.0.0.1 netmask 0xff000000
Additional routing options: tcp extensions=NO IP gateway=YES TCP keepalive=YES ..
routing daemons: ..
additional daemons: syslogd ..
Doing additional network setup: ntpd ..
Starting final network daemons: ..
setting ELF ldconfig path: /usr/lib /usr/lib/compat /usr/local/lib
setting a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
starting standard daemons: inetd cron sendmail sshd
sshd2: SSH Secure Shell 2.4.0 (non-commercial version) on i386-unknown-freebsd4.2
..
Initial rc.i386 initialization: ..
rc.i386 configuring syscons: blank_time allscreens ..
additional ABI support: ..
starting local daemons: ..
Local package initialization: Starting ddclient: ..
Additional TCP options: ..
Mon Jul 9 20:41:04 PHT 2001

%cat /etc/rc.conf
sendmail_enable="YES"
sshd_enable="YES"
sshd_program="/usr/local/sbin/sshd2"
portmap_enable="NO"
nfs_server_enable="NO"
gateway_enable="YES"
tcp_extensions="NO"
tcp_keepalive="YES"
syslogd_flags="-ss"
portmap_enable="NO"
allscreens_flags="-c blink"
inetd_enable="YES"
network_interfaces="ed0 ed1 lo0"
ifconfig_ed1="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_ed0="DHCP"
hostname="gateway.xxxxxx.com"
ipfilter_enable="YES"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message