Am 02/18/15 um 10:19 schrieb David Dahlberg: > Am Mittwoch, den 18.02.2015, 08:46 +0100 schrieb Stefan Wollny: > >> Only with 'pkg_add' the connection is >> entirely gone and 'pkg_add' subsequently complains about 'No route to >> host'... and only on this particular machine. > > Just wildly guessing here: At least on Linux, the kernel will reply "No > route to host" not only if there is no route in the routing table, but > also if it received an ICMP "dest unreach", including "admin > prohibited". > > Maybe it would be useful tcpdump the the line (maybe add lo0 in case > it's something locally generated) to see if something suspicious is > happening when the connection terminates. >
Hi David, thank you for your suggestions. Well - I am just an ordinary OpenBSD-user lacking any knowledge of the kernel's interna. So I can't really comment on that, except that I have "pass on $ext_if inet proto icmp all icmp-type 8 code 0" in my pf.conf. I picked up your suggestion on watching lo0 as well (pflog0 has nothing!). Here are the last lines before the connection is lost (below this I post the output of netstat): Feb 18 11:27:22.550315 127.0.0.1.53 > 127.0.0.1.7621: 27100 1/0/0 AAAA 2a00:15a8:0:100:d91f:5023:0:1 (80) Feb 18 11:27:22.825300 127.0.0.1.44811 > 127.0.0.1.53: 43221+ A? ftp.hostserver.de. (35) Feb 18 11:27:22.827907 127.0.0.1.53 > 127.0.0.1.44811: 43221 1/0/0 A 217.31.80.35 (68) Feb 18 11:27:22.828023 127.0.0.1.34231 > 127.0.0.1.53: 50848+ AAAA? ftp.hostserver.de. (35) Feb 18 11:27:22.831648 127.0.0.1.53 > 127.0.0.1.34231: 50848 1/0/0 AAAA 2a00:15a8:0:100:d91f:5023:0:1 (80) Feb 18 11:27:23.098915 127.0.0.1.16511 > 127.0.0.1.53: 8621+ A? ftp.hostserver.de. (35) Feb 18 11:27:23.101493 127.0.0.1.53 > 127.0.0.1.16511: 8621 1/0/0 A 217.31.80.35 (68) Feb 18 11:27:23.101653 127.0.0.1.46720 > 127.0.0.1.53: 2234+ AAAA? ftp.hostserver.de. (35) Feb 18 11:27:23.105205 127.0.0.1.53 > 127.0.0.1.46720: 2234 1/0/0 AAAA 2a00:15a8:0:100:d91f:5023:0:1 (80) Feb 18 11:27:23.405236 127.0.0.1.45409 > 127.0.0.1.53: 4242+ A? ftp.hostserver.de. (35) Feb 18 11:27:23.407778 127.0.0.1.53 > 127.0.0.1.45409: 4242 1/0/0 A 217.31.80.35 (68) Feb 18 11:27:23.407947 127.0.0.1.16371 > 127.0.0.1.53: 8430+ AAAA? ftp.hostserver.de. (35) Feb 18 11:27:23.411508 127.0.0.1.53 > 127.0.0.1.16371: 8430 1/0/0 AAAA 2a00:15a8:0:100:d91f:5023:0:1 (80) Feb 18 11:27:23.679032 127.0.0.1.2311 > 127.0.0.1.53: 25995+ A? ftp.hostserver.de. (35) Feb 18 11:27:23.681589 127.0.0.1.53 > 127.0.0.1.2311: 25995 1/0/0 A 217.31.80.35 (68) Feb 18 11:27:23.681730 127.0.0.1.37804 > 127.0.0.1.53: 28055+ AAAA? ftp.hostserver.de. (35) Feb 18 11:27:23.685347 127.0.0.1.53 > 127.0.0.1.37804: 28055 1/0/0 AAAA 2a00:15a8:0:100:d91f:5023:0:1 (80) Feb 18 11:27:24.100921 127.0.0.1.18524 > 127.0.0.1.53: 55509+ A? ftp.hostserver.de. (35) Feb 18 11:27:24.103570 127.0.0.1.53 > 127.0.0.1.18524: 55509 1/0/0 A 217.31.80.35 (68) Feb 18 11:27:24.103721 127.0.0.1.36652 > 127.0.0.1.53: 48339+ AAAA? ftp.hostserver.de. (35) Feb 18 11:27:24.107271 127.0.0.1.53 > 127.0.0.1.36652: 48339 1/0/0 AAAA 2a00:15a8:0:100:d91f:5023:0:1 (80) Feb 18 11:27:24.461192 127.0.0.1.45534 > 127.0.0.1.53: 8946+ A? ftp.hostserver.de. (35) Feb 18 11:27:24.463762 127.0.0.1.53 > 127.0.0.1.45534: 8946 1/0/0 A 217.31.80.35 (68) Feb 18 11:27:24.463896 127.0.0.1.13402 > 127.0.0.1.53: 38619+ AAAA? ftp.hostserver.de. (35) Feb 18 11:27:24.467481 127.0.0.1.53 > 127.0.0.1.13402: 38619 1/0/0 AAAA 2a00:15a8:0:100:d91f:5023:0:1 (80) Feb 18 11:27:25.022575 127.0.0.1.48140 > 127.0.0.1.53: 44181+ A? ftp.hostserver.de. (35) Feb 18 11:27:25.025149 127.0.0.1.53 > 127.0.0.1.48140: 44181 1/0/0 A 217.31.80.35 (68) Feb 18 11:27:25.025271 127.0.0.1.46973 > 127.0.0.1.53: 5352+ AAAA? ftp.hostserver.de. (35) Feb 18 11:27:25.028825 127.0.0.1.53 > 127.0.0.1.46973: 5352 1/0/0 AAAA 2a00:15a8:0:100:d91f:5023:0:1 (80) Feb 18 11:27:42.868652 127.0.0.1.17889 > 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40) Feb 18 11:27:47.877392 127.0.0.1.21280 > 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40) Feb 18 11:27:53.384447 127.0.0.1.44956 > 127.0.0.1.53: 48829+ A? imap.web.de. (29) Feb 18 11:27:57.887443 127.0.0.1.8685 > 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40) Feb 18 11:27:58.387460 127.0.0.1.39806 > 127.0.0.1.53: 48829+ A? imap.web.de. (29) Feb 18 11:27:57.887443 127.0.0.1.8685 > 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40) Feb 18 11:27:58.387460 127.0.0.1.39806 > 127.0.0.1.53: 48829+ A? imap.web.de. (29) Feb 18 11:28:08.397608 127.0.0.1.24938 > 127.0.0.1.53: 48829+ A? imap.web.de. (29) Feb 18 11:28:12.928554 127.0.0.1.53 > 127.0.0.1.17889: 46223 NXDomain*- 0/1/0 (147) Feb 18 11:28:12.928576 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 17889 unreachable Feb 18 11:28:17.897755 127.0.0.1.45338 > 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40) Feb 18 11:28:17.938892 127.0.0.1.53 > 127.0.0.1.21280: 46223 NXDomain*- 0/1/0 (147) Feb 18 11:28:17.938915 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 21280 unreachable Feb 18 11:28:23.448486 127.0.0.1.53 > 127.0.0.1.44956: 48829 NXDomain*- 0/1/0 (103) Feb 18 11:28:23.448506 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 44956 unreachable Feb 18 11:28:27.948610 127.0.0.1.53 > 127.0.0.1.8685: 46223 NXDomain*- 0/1/0 (147) Feb 18 11:28:27.948634 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 8685 unreachable Feb 18 11:28:28.407949 127.0.0.1.27687 > 127.0.0.1.53: 48829+ A? imap.web.de. (29) Feb 18 11:28:28.448584 127.0.0.1.53 > 127.0.0.1.39806: 48829 NXDomain*- 0/1/0 (103) Feb 18 11:28:28.448605 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 39806 unreachable Feb 18 11:28:38.458735 127.0.0.1.53 > 127.0.0.1.24938: 48829 NXDomain*- 0/1/0 (103) Feb 18 11:28:38.458757 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 24938 unreachable Feb 18 11:28:40.086941 127.0.0.1.45548 > 127.0.0.1.53: 7095+ A? ftp.hostserver.de. (35) Feb 18 11:28:40.089571 127.0.0.1.53 > 127.0.0.1.45548: 7095 1/0/0 A 217.31.80.35 (68) Feb 18 11:28:40.089679 127.0.0.1.13643 > 127.0.0.1.53: 32485+ AAAA? ftp.hostserver.de. (35) Feb 18 11:28:40.094173 127.0.0.1.53 > 127.0.0.1.13643: 32485 1/0/0 AAAA 2a00:15a8:0:100:d91f:5023:0:1 (80) Feb 18 11:28:47.958974 127.0.0.1.53 > 127.0.0.1.45338: 46223 NXDomain*- 0/1/0 (147) Feb 18 11:28:47.962920 127.0.0.1.47779 > 127.0.0.1.53: 52149+ A? db.DE.clamav.net. (34) Feb 18 11:28:52.968395 127.0.0.1.41379 > 127.0.0.1.53: 52149+ A? db.DE.clamav.net. (34) Feb 18 11:28:58.469091 127.0.0.1.53 > 127.0.0.1.27687: 48829 NXDomain*- 0/1/0 (103) Feb 18 11:28:58.471035 127.0.0.1.26004 > 127.0.0.1.53: 11197+ A? imap.web.de.fritz.box. (39) Feb 18 11:29:02.978467 127.0.0.1.15736 > 127.0.0.1.53: 52149+ A? db.DE.clamav.net. (34) Feb 18 11:29:03.478781 127.0.0.1.45661 > 127.0.0.1.53: 11197+ A? imap.web.de.fritz.box. (39) Feb 18 11:29:13.488609 127.0.0.1.10007 > 127.0.0.1.53: 11197+ A? imap.web.de.fritz.box. (39) Feb 18 11:29:18.019442 127.0.0.1.53 > 127.0.0.1.47779: 52149 NXDomain*- 0/1/0 (123) Feb 18 11:29:18.019465 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 47779 unreachable Here is the output of 'netstat -afinet' _before_ and _after_ the connection is lost: ~ $ netstat -afinet Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) ip 0 0 *.* *.* 17 Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp 0 0 192.168.178.31.2523 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.18385 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.10560 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.9643 imap.web.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.42223 imap.web.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.3736 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.47959 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.46099 imap.web.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.19177 ftp.hostserver.d.www ESTABLISHED tcp 0 0 192.168.178.31.14960 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.14411 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.18987 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.34215 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.43175 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.28978 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.12323 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.28395 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.23519 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.4222 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.4705 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.19916 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.4860 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.31098 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.5162 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 localhost.3310 *.* LISTEN tcp 0 0 localhost.ipp *.* LISTEN tcp 0 0 *.ssh *.* LISTEN tcp 0 0 localhost.smtp *.* LISTEN tcp 0 0 *.6000 *.* LISTEN Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) udp 0 0 192.168.178.31.ntp *.* udp 0 0 *.43780 *.* udp 0 0 *.mdns *.* udp 0 0 *.syslog *.* udp 0 0 localhost.ntp *.* udp 0 0 *.domain *.* ~ $ netstat -afinet Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) ip 0 0 *.* *.* 17 Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) ^[[1;2Atcp 0 0 192.168.178.31.2523 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.18385 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.47959 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.46099 imap.web.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.9643 imap.web.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.42223 imap.web.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.3736 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.10560 mail.posteo.de.imaps ESTABLISHED tcp 0 0 192.168.178.31.13515 ftp.hostserver.d.www SYN_SENT tcp 0 0 192.168.178.31.5162 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.14960 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.19916 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.4860 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.31098 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.14411 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.18987 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.34215 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.43175 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.28978 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.12323 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.28395 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.23519 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.4222 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 192.168.178.31.4705 192.168.178.23.3128 CLOSE_WAIT tcp 0 0 localhost.smtp *.* LISTEN tcp 0 0 *.ssh *.* LISTEN tcp 0 0 localhost.3310 *.* LISTEN tcp 0 0 *.6000 *.* LISTEN tcp 0 0 localhost.ipp *.* LISTEN Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) To me nothing suspicious here...
