Hi Jeremy,

I tried without any rules in ipfw on FreeBSD (just "allow ip from any to any")
and the error keeps occurring.

How can I disable the TCP extensions?

I tried setting this sysctl (sysctl net.inet.tcp.rfc1323=0), but
it did not work.



2008/11/3, Jeremy Chadwick <[EMAIL PROTECTED]>:
>
> On Mon, Nov 03, 2008 at 10:43:52PM -0200, J MPZ wrote:
> > Hi guys,
> >
> > I have some problem with my FreeBSD server. I have this:
> >
> > ##########                          ###########      ##########
> > # Linux1 #  -> ASA  -> Internet  -> # FreeBSD #  ->  # Linux2 #
> > ##########                          ###########      ##########
> >
> > If I run ssh from Linux1 to FreeBSD, my connection freezes when the
> > return of some command is a big text. Example:
> >
> > I make an ssh connection from Linux1 to the FreeBSD server, then I
> > execute some commands, like 'pwd', 'whoami', 'ls /'... these work
> > perfectly. But if I run some command that returns a big text, such as
> > 'ls /dev/' or top, my connection freezes.
> >
> > In another terminal, tcpdump continues showing packets on this
> > connection that froze.
>
> Does the FreeBSD machine run a firewall at all, e.g. pf(4)?
>
> If so, you probably have some rules which are broken.  (I've seen this
> problem on FreeBSD 6.x when using rules which are not correctly
> configured to match initiate state).  Also, if a firewall is in use and
> you're blocking all forms of ICMP, that would impact path MTU discovery.
> Naughty.
>
> You might also try disabling TCP extensions on the FreeBSD box to see if
> it makes any difference.  Note that this can impact performance (large
> TCP window sizes won't be negotiated), but it's worth disabling for a
> test case.
>
> sysctl net.inet.tcp.rfc1323=0
>
> > If I try to access Linux2 through FreeBSD (redirect port on natd or
> > redirect port with rinetd), the same thing happens.
> >
> > Is this a problem with FreeBSD? Does someone know how I can fix it? Some
> > sysctl?
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
>
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
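
A heuristic check for the symptom discussed in this thread (short replies pass, long replies stall while tcpdump still shows packets), added here as an example that is not from the thread's participants: it scans `tcpdump -n` text captured on the sending host and reports flows where the same large segment is retransmitted, and whether an ICMP "need to frag" message came back. The sample capture, addresses, thresholds and the `analyze` function are constructed for illustration; retransmits can also come from ordinary loss.

```python
import re
from collections import defaultdict

# Constructed sample in the one-line format printed by `tcpdump -n`; not from the thread.
SAMPLE = """\
12:00:01.000000 IP 192.0.2.10.22 > 198.51.100.5.51000: Flags [P.], seq 1:81, ack 1, win 1040, length 80
12:00:01.010000 IP 198.51.100.5.51000 > 192.0.2.10.22: Flags [.], ack 81, win 501, length 0
12:00:02.000000 IP 192.0.2.10.22 > 198.51.100.5.51000: Flags [.], seq 81:1529, ack 1, win 1040, length 1448
12:00:02.300000 IP 192.0.2.10.22 > 198.51.100.5.51000: Flags [.], seq 81:1529, ack 1, win 1040, length 1448
12:00:02.900000 IP 192.0.2.10.22 > 198.51.100.5.51000: Flags [.], seq 81:1529, ack 1, win 1040, length 1448
"""
# Constructed ICMP line a router would send if path MTU discovery feedback got through.
ICMP_FRAG = "12:00:02.100000 IP 203.0.113.1 > 192.0.2.10: ICMP 198.51.100.5 unreachable - need to frag (mtu 1400), length 556\n"

TCP_RE = re.compile(
    r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[[^\]]*\], seq (\d+):(\d+),.* length (\d+)")
FRAG_RE = re.compile(r"IP \S+ > (\S+): ICMP .*need to frag \(mtu (\d+)\)")

def analyze(capture, big=1000, min_repeats=3):
    """Return (flow, times_seen, verdict, reported_mtu) for repeated large segments."""
    seen = defaultdict(int)   # (src, sport, dst, dport, seq_start, seq_end) -> count
    frag_for = {}             # sender address -> MTU reported by ICMP "need to frag"
    for line in capture.splitlines():
        m = TCP_RE.search(line)
        if m and int(m.group(7)) >= big:
            seen[m.groups()[:6]] += 1
            continue
        m = FRAG_RE.search(line)
        if m:
            frag_for[m.group(1)] = int(m.group(2))
    findings = []
    for (src, sport, dst, dport, _start, _end), count in seen.items():
        if count >= min_repeats:
            mtu = frag_for.get(src)
            # No ICMP reaching the sender means it never learns to shrink its segments.
            verdict = "icmp-feedback-seen" if mtu is not None else "no-icmp-feedback"
            findings.append((f"{src}:{sport}->{dst}:{dport}", count, verdict, mtu))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

A "no-icmp-feedback" result on a capture taken at the sender points toward ICMP being dropped somewhere on the path rather than at the sender's own firewall.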
