From owner-freebsd-net@FreeBSD.ORG Sat May 17 14:48:56 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 43D491065672; Sat, 17 May 2008 14:48:56 +0000 (UTC) (envelope-from johan@stromnet.se) Received: from core.stromnet.se (core.stromnet.se [83.218.84.131]) by mx1.freebsd.org (Postfix) with ESMTP id ED7BF8FC24; Sat, 17 May 2008 14:48:55 +0000 (UTC) (envelope-from johan@stromnet.se) Received: from localhost (core.stromnet.se [83.218.84.131]) by core.stromnet.se (Postfix) with ESMTP id AAC5CF58CF1; Sat, 17 May 2008 16:33:25 +0200 (CEST) X-Virus-Scanned: amavisd-new at stromnet.se X-Spam-Flag: NO X-Spam-Score: 0.375 X-Spam-Level: X-Spam-Status: No, score=0.375 tagged_above=0 required=6.2 tests=[AWL=2.181, BAYES_00=-2.599, RDNS_DYNAMIC=0.1, SPF_FAIL=0.693] Received: from core.stromnet.se ([83.218.84.131]) by localhost (core.stromnet.se [83.218.84.131]) (amavisd-new, port 10024) with ESMTP id 09knv3Onvj+d; Sat, 17 May 2008 16:33:23 +0200 (CEST) Received: from johan-mp.stromnet.se (90-224-172-102-no129.tbcn.telia.com [90.224.172.102]) by core.stromnet.se (Postfix) with ESMTP id 92DD4F58BC1; Sat, 17 May 2008 16:33:22 +0200 (CEST) Message-Id: <678A03F5-5E8A-4CF6-90DF-AA9A4F30FBE1@stromnet.se> From: =?ISO-8859-1?Q?Johan_Str=F6m?= To: freebsd-net@freebsd.org, freebsd-stable@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed; delsp=yes Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Apple Message framework v919.2) Date: Sat, 17 May 2008 16:33:20 +0200 X-Mailer: Apple Mail (2.919.2) Cc: Subject: connect(): Operation not permitted X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 May 2008 14:48:56 -0000 Hello I got a FreeBSD 7 machine running mail services (among other things). =20= This machine recently replaced a FreeBSD 6.2 machine doing the same =20 tasks. Now and then I need to send alot of mail to customers (mailing list), =20= and one thing i've noticed now after the change is that when I use a =20 lot of connections subsequently (high connection rate, even if they =20 are very shortlived) inside a jail (dunno if that has anything to do =20 with it though), I start to get Operation not permitted in return to =20 connect(). I've seen this in the PHP app that sends mail, when it tried to =20 connect to localhost, as well as from postfix when it have been trying =20= to connect to amavisd on localhost, but also from postfix when it has =20= tried to connect to remote SMTP servers. I do have PF for filtering, but there are no max-src-conn-rate limits =20= enabled for any rules that is used for this. However, from one of the =20= jail I do have a hfsc queue limiting the outgoing mail traffic from =20 one jailed IP. But I'm not sure that this would be the problem, since =20= I've also seen the problem when doing localhost connects in the jail, =20= and also in other jails on an entierly different IP that is not =20 affected. Does anyone have any clues about what I can look at and tune to fix =20 this? Thanks! -- Johan Str=F6m Stromnet johan@stromnet.se http://www.stromnet.se/