From owner-freebsd-questions@freebsd.org Thu Jun 14 08:02:14 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 96F95100DF58 for ; Thu, 14 Jun 2018 08:02:14 +0000 (UTC) (envelope-from frank2@fjl.co.uk) Received: from bs1.fjl.org.uk (bs1.fjl.org.uk [84.45.41.196]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "bs1.fjl.org.uk", Issuer "bs1.fjl.org.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 320767BF5A for ; Thu, 14 Jun 2018 08:02:13 +0000 (UTC) (envelope-from frank2@fjl.co.uk) Received: from roundcube.fjl.org.uk (localhost [127.0.0.1]) by bs1.fjl.org.uk (8.14.4/8.14.4) with ESMTP id w5E824KW004177 for ; Thu, 14 Jun 2018 09:02:04 +0100 (BST) (envelope-from frank2@fjl.co.uk) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 14 Jun 2018 09:02:04 +0100 From: Frank Leonhardt To: freebsd-questions@freebsd.org Subject: Re: NIC locks up for no reason =?UTF-8?Q?=28=3F=29?= Organization: FJL Microsystems In-Reply-To: <23524.1528853325@segfault.tristatelogic.com> References: <23524.1528853325@segfault.tristatelogic.com> Message-ID: <723e3e676c32d6d9b18ffd189b2730a9@roundcube.fjl.org.uk> X-Sender: frank2@fjl.co.uk User-Agent: Roundcube Webmail/0.9.2 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jun 2018 08:02:14 -0000 On 2018-06-13 02:28, Ronald F. Guilmette wrote: > I am experiencing a really rather odd problem, and could use some > helpful advice. I'm sure there is a good explanation for why this > is happening, but at the moment I have no idea what it is. > > More than a month ago, I got myself a shiny new VM on one of the > many providers of such on the Internet. I loaded up 11.1-RELEASE-p9, > fiddled sshd so that it would run on a somewehat obscure unused port. > > Anyway, after doing the above things, all was running well, and exactly > as expected for some time thereafter. (I have mostly just been using > the box for some obscure research purposes.) > > I never set up any kind of filewall on the thing because frankly, > I was doing so little with the box I didn't think I'd need one. > > Recently, I decided to install and run apache24, which I did. > I configured that also to run on a non-standard port, since my > intent was that the web stuff it would be serving up would only > be stuff that I and perhaps a few close friends would look it. > Apache started up just fine, and I was able to acces web content > on the box via the non-standard port, from a system elsewhere on the > Internet. No problem. > > Anyway, now it appears that the NIC on this VM system is effectively > locking up from time to time, and I have no idea how to even begin > to debug this problem. This happened a few days ago, and I managed > to get to a virtual console, I logged in as root, and then I rebooted > FreeBSD on the VM and again, all was well... for awhile. > > When this problem occurred before, it appeared that the (virtual) NIC > of the VM was not accepting -any- packets from outside. > > Now the NIC has locked up again. Once again, from the outside it > appears that it isn't responding to pings. or to traceroutes, or to > ssh (on my non-standard port), or to attempts to telnet to the > (non-standard) HTTP port I'm using. > > Traceroutes -out- from the VM also get absolutely nowhere... not even > one hop. Pings rom the VM to its own (externally routable) IPv4 > address work fine. > > I logged in again via the virtual console and once again, just like > the last time this happened (a couple of days ago), I can see nothing > obviously wrong. There's plenty of free disk space, and top is showing > the CPU as being >95% idle. > > ifconfig output looks perfectly normal to me... the interface in > question is listed as "UP". > > Whet the devil could be wrong? > > The relevant hosting company has assured me that they haven't been > doing > anything new or special lately. > > The Handbook says that (recent vintage) FreeBSD provides three > different > flavors of firewalls. Are any of these three enabled by default? What > about TCP Wrapper? Is that enabled by default on an out-of-the-box > install of 11.1-RELEASE? > > What else could possibly explain a NIC periodically becoming totally > unresponsive... at least from the outside... apparently just because > I had the audacity to install and run apache24? I can't think of any method whereby Apache 2.4 could do anything to the network stack, or why installing it would do something similar via a dependency. It's always possible, but I suspect your virtual machine is the problem. The simulator is never as good as the real thing. I've been making use of vultr.com's VMs for fun things, and I use 11.1-STABLE on some, running Apache 2.4 and suchlike for months without a blip on those that I don't update and reboot. I've never had a problem and I'd be happy to recommend them for this kind of thing. At $2.50/month at some locations it's a small price to pay to keep experiments off my actual hardware. Regards, Frank.