: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Michael Sierchio
Sent: Sunday, March 31, 2013 10:04 PM
To: Don O'Neil
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions
net.inet.ip.fw.dyn_short_lifetime
Okay, what's your DNS setup? Are you running a recursive cache that
contacts the root servers directly? Using your ISP's servers? Etc.
As a mitigation step, I tried pointing my caches to 8.8.8.8 and
8.8.4.4. - but it turns out that Google is intentionally blocking
(returning NX responses to)
...@tenebras.com]
Sent: Monday, April 01, 2013 7:23 AM
To: Don O'Neil
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions
Okay, what's your DNS setup? Are you running a recursive cache that
contacts the root servers directly? Using your ISP's servers? Etc
Hi everyone. Recently my server started having issues with DNS and FTP
sessions either not resolving or timing out. I've tracked the issue down to
IPFW. If I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away.
I have the basic rules like this for DNS;
01160 allow udp from any
It would be really helpful if you'd post the ruleset.
At first glance, your stateful rules seem rather wrong, unless there's
a check-state above. Also, in and out aren't discriminating enough -
every packet is seen by the ruleset more than once. You should think
in terms of interfaces,
, and there aren't. I'm
not running NAT, it's a publicly accessible IP address.
-Original Message-
From: Michael Sierchio [mailto:ku...@tenebras.com]
Sent: Sunday, March 31, 2013 8:58 PM
To: Don O'Neil
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS
Don O'Neil wrote:
Hi everyone. Recently my server started having issues with DNS and FTP
sessions either not resolving or timing out. I've tracked the issue down
to IPFW. If I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go
away.
[snip]
I'm probably not smart enough to be able
: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions
It would be really helpful if you'd post the ruleset.
At first glance, your stateful rules seem rather wrong, unless there's a
check-state above. Also, in and out aren't discriminating enough
On Sun, Mar 31, 2013 at 9:39 PM, Michael Powell nightre...@hotmail.com wrote:
I'm probably not smart enough to be able to help directly with your problem
but I'd like to add that there is a snowballing DNS Amplification DDoS
attack against SpamHaus going on which is spilling over
Yes, this is
net.inet.ip.fw.dyn_short_lifetime ?
net.inet.ip.fw.dyn_udp_lifetime ?
You might want to increase these, given the current state of things...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions