On 2007-Feb-17 13:39:06 +1100, Peter Jeremy <[EMAIL PROTECTED]> wrote:
>I've recently upgraded my home firewall from FreeBSD 5.4 (IPfilter
>v3.4.35) to FreeBSD 6.2-RELEASE (IPfilter v4.1.13) and am now having
>problems with IPfilter randomly blocking packets on both the internal
>and external interfaces.
>
>This morning, I had a couple of ssh connections from an internal host
>to my firewall drop out with the following logged:
>Feb 17 08:50:00 fwall sshd[13919]: fatal: Write failed: Network is unreachable
>Feb 17 08:50:00 fwall sshd[13747]: fatal: Write failed: Network is unreachable
>Feb 17 08:50:01 fwall ipmon[13795]: 08:50:00.888727 fxp1 @20:4 b
>192.168.234.1,22 -> 192.168.234.164,51955 PR tcp len 20 468 -AP 457306297
>554349920 33304 OUT
>Feb 17 08:50:01 fwall ipmon[13795]: 08:50:00.904192 fxp1 @20:4 b
>192.168.234.1,22 -> 192.168.234.164,51235 PR tcp len 20 180 -AP 1754826132
>2941552523 33304 OUT

I have now upgraded to v4.1.23 and am still seeing the same problem:

Aug 9 18:01:36 fwall ipmon[589]: 18:01:35.783429 STATE:NEW 192.168.234.164,53626 -> 192.168.234.1,22 PR tcp
...
Aug 10 00:00:01 fwall ipmon[589]: 00:00:01.160127 fxp1 @20:4 b 192.168.234.1,22 -> 192.168.234.164,53626 PR tcp len 20 228 -AP OUT
Aug 10 00:00:01 fwall sshd[32382]: fatal: Write failed: Network is unreachable
Aug 10 00:00:01 fwall ipmon[589]: 00:00:01.160127 fxp1 @20:4 b 192.168.234.1,22 -> 192.168.234.164,53626 PR tcp len 20 228 -AP OUT
Aug 10 00:04:02 fwall ipmon[589]: 00:04:01.729852 STATE:CLOSE 192.168.234.164,53626 -> 192.168.234.1,22 PR tcp Forward: Pkts in 21172 Bytes in 1112827 Pkts out 0 Bytes out 0 Backward: Pkts in 0 Bytes in 0 Pkts out 21200 Bytes out 4664315

There are no other ipmon reports for that socket. A tcpdump shows:

23:59:55.977835 IP 192.168.234.1.22 > 192.168.234.164.53626: P 3520800:3520976(176) ack 4993 win 33304 <nop,nop,timestamp 367775596 26862523>
23:59:56.077611 IP 192.168.234.164.53626 > 192.168.234.1.22: . ack 3520976 win 33304 <nop,nop,timestamp 26863544 367775596>
23:59:57.000152 IP 192.168.234.1.22 > 192.168.234.164.53626: P 3520976:3521136(160) ack 4993 win 33304 <nop,nop,timestamp 367776618 26863544>
23:59:57.100079 IP 192.168.234.164.53626 > 192.168.234.1.22: . ack 3521136 win 33304 <nop,nop,timestamp 26864566 367776618>
23:59:58.021720 IP 192.168.234.1.22 > 192.168.234.164.53626: P 3521136:3521312(176) ack 4993 win 33304 <nop,nop,timestamp 367777639 26864566>
23:59:58.121575 IP 192.168.234.164.53626 > 192.168.234.1.22: . ack 3521312 win 33304 <nop,nop,timestamp 26865587 367777639>
23:59:59.043462 IP 192.168.234.1.22 > 192.168.234.164.53626: P 3521312:3521488(176) ack 4993 win 33304 <nop,nop,timestamp 367778661 26865587>
23:59:59.143100 IP 192.168.234.164.53626 > 192.168.234.1.22: . ack 3521488 win 33304 <nop,nop,timestamp 26866608 367778661>
00:00:00.065524 IP 192.168.234.1.22 > 192.168.234.164.53626: P 3521488:3521664(176) ack 4993 win 33304 <nop,nop,timestamp 367779683 26866608>
00:00:00.165554 arp who-has 192.168.234.1 tell 192.168.234.164
00:00:00.165603 IP 192.168.234.164.53626 > 192.168.234.1.22: . ack 3521664 win 33304 <nop,nop,timestamp 26867630 367779683>
00:00:00.165877 arp reply 192.168.234.1 is-at 00:d0:b7:b2:51:15
00:00:01.269534 IP 192.168.234.1.22 > 192.168.234.164.53626: FP 3521664:3521840(176) ack 4993 win 33304 <nop,nop,timestamp 367780886 26867630>
00:00:01.272932 IP 192.168.234.164.53626 > 192.168.234.1.22: . ack 3521841 win 33216 <nop,nop,timestamp 26868733 367780886>
00:00:01.272994 IP 192.168.234.164.53626 > 192.168.234.1.22: F 4993:4993(0) ack 3521841 win 33216 <nop,nop,timestamp 26868734 367780886>
00:00:01.273583 IP 192.168.234.1.22 > 192.168.234.164.53626: . ack 4994 win 33303 <nop,nop,timestamp 367780890 26868734>
00:00:04.902626 IP 192.168.234.1.123 > 192.168.123.128.123: NTPv4, symmetric passive, length 48

-- 
Peter Jeremy
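
Added example, not part of the original post: a small Python filter that reads ipmon syslog lines like the ones quoted above and reports any packet blocked ("b") while a state entry for the same socket pair is still open, i.e. between its STATE:NEW and STATE:CLOSE records. The function name blocked_with_state and the tuple layout are hypothetical; the sample lines are copied from the post.

```python
import re

# Sample input: ipmon/sshd syslog lines copied from the post above.
SAMPLE = """\
Feb 17 08:50:01 fwall ipmon[13795]: 08:50:00.888727 fxp1 @20:4 b 192.168.234.1,22 -> 192.168.234.164,51955 PR tcp len 20 468 -AP 457306297 554349920 33304 OUT
Aug 9 18:01:36 fwall ipmon[589]: 18:01:35.783429 STATE:NEW 192.168.234.164,53626 -> 192.168.234.1,22 PR tcp
Aug 10 00:00:01 fwall ipmon[589]: 00:00:01.160127 fxp1 @20:4 b 192.168.234.1,22 -> 192.168.234.164,53626 PR tcp len 20 228 -AP OUT
Aug 10 00:00:01 fwall sshd[32382]: fatal: Write failed: Network is unreachable
Aug 10 00:04:02 fwall ipmon[589]: 00:04:01.729852 STATE:CLOSE 192.168.234.164,53626 -> 192.168.234.1,22 PR tcp Forward: Pkts in 21172 Bytes in 1112827 Pkts out 0 Bytes out 0 Backward: Pkts in 0 Bytes in 0 Pkts out 21200 Bytes out 4664315
"""

ENDPOINTS = r"([\d.]+),(\d+) -> ([\d.]+),(\d+) PR (\w+)"
STATE_RE = re.compile(r"ipmon\[\d+\]: \S+ STATE:(NEW|CLOSE) " + ENDPOINTS)
# "<iface> @<group>:<rule> b" marks a packet blocked by that rule.
BLOCK_RE = re.compile(r"ipmon\[\d+\]: \S+ (\S+) @(\d+):(\d+) b " + ENDPOINTS)


def flow_key(a, ap, b, bp, proto):
    """Direction-independent key: state lines show client -> server,
    while the blocked packets here travel server -> client."""
    return proto, frozenset({(a, int(ap)), (b, int(bp))})


def blocked_with_state(lines):
    """Return (iface, rule, src, dst) for every blocked packet whose
    socket pair has an open state entry at the time of the block."""
    live, hits = set(), []
    for line in lines:
        m = STATE_RE.search(line)
        if m:
            kind, *ep = m.groups()
            key = flow_key(*ep)
            live.add(key) if kind == "NEW" else live.discard(key)
            continue
        m = BLOCK_RE.search(line)
        if m:
            iface, group, rule, a, ap, b, bp, proto = m.groups()
            if flow_key(a, ap, b, bp, proto) in live:
                hits.append((iface, f"@{group}:{rule}", f"{a},{ap}", f"{b},{bp}"))
    return hits


if __name__ == "__main__":
    for hit in blocked_with_state(SAMPLE.splitlines()):
        print("blocked despite open state:", *hit)
```

The February block is not reported because no STATE:NEW record for that socket appears in the input; feed the filter the complete ipmon log so state records and block records are both present.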
