From owner-freebsd-net@FreeBSD.ORG Fri Nov 30 19:10:03 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0D5E916A41B for ; Fri, 30 Nov 2007 19:10:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 022E813C45A for ; Fri, 30 Nov 2007 19:10:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id lAUJA2JU067502 for ; Fri, 30 Nov 2007 19:10:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id lAUJA2K4067501; Fri, 30 Nov 2007 19:10:02 GMT (envelope-from gnats) Date: Fri, 30 Nov 2007 19:10:02 GMT Message-Id: <200711301910.lAUJA2K4067501@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Remko Lodder Cc: Subject: Re: kern/106438: ipfilter: keep state does not seem to allow replies in on spar64 (and maybe others) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Remko Lodder List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Nov 2007 19:10:03 -0000 The following reply was made to PR kern/106438; it has been noted by GNATS. From: Remko Lodder To: Manuel Tobias Schiller Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/106438: ipfilter: keep state does not seem to allow replies in on spar64 (and maybe others) Date: Fri, 30 Nov 2007 20:03:31 +0100 Manuel Tobias Schiller wrote: > Hello, > > I've gathered the information you have asked for, see the attachment. > I hope it helps us to get an idea of what's going wrong. Any help with > this would be appreciated. > > Thanks in advance. > > Manuel > > P.S. I did the | grep hme3 in the attachment to not clutter the output > with irrelevant stuff. All other rules are bound to their respective > interface (hme0, hme1, hme2, le0) and should not influence hme3. > Besides, there's a lot of traffic going on on le0 which does not need to > be mentioned in the ipfstat output because the machine in question is > headless and can only be reached with a serial line (with a laptop down > in the cellar) or a dedicated network interface (le0, for which I > need to have rules that pass everything). > > On Thu, Dec 07, 2006 at 10:16:19AM +0100, Remko Lodder wrote: >> Hello, >> >> >> First of all thanks for using FreeBSD! >> >> If you run ipmon, what kind of details do you see in the log? It mentions where it is blocked and you >> can review that rule with ipfstat -hion (list everything in out, do not resolve and show the amount >> of hits on the rule) >> >> Thanks in advance >> >> -- >> Kind regards, >> >> Remko Lodder ** remko@elvandar.org >> FreeBSD ** remko@FreeBSD.org >> >> /* Quis custodiet ipsos custodes */ >> > Dear Manuel, It took a lot of time for me to set this up properly, but I managed to work this out; actually this is not a ipfilter problem but it seems that hme0 is not capable of doing incoming and outgoing checksumming. I faced the same problem, and by issueing a ifconfig hme0 -txcsum -rxcsum I resolved the problem. The ipfilter errors vanished after that. I'll try to have a look at the intel gigabit card in the machine (manually added) and see whether that has a similiar issue.. Cheers remko -- /"\ Best regards, | remko@FreeBSD.org \ / Remko Lodder | remko@EFnet X http://www.evilcoder.org/ | / \ ASCII Ribbon Campaign | Against HTML Mail and News