Date: Thu, 15 Jul 1999 13:02:22 +0100 From: Karl Pielorz <kpielorz@tdx.co.uk> To: questions@freebsd.org Subject: Strange goins on with IPFW ? Message-ID: <378DCDCE.B6053096@tdx.co.uk>
next in thread | raw e-mail | index | archive | help
Hi All, A faultless machine we've been using for a firewall failed today, in a very unusual way... It decided to 'silently' drop any packets coming to / from port 25 for our hosts... Checking the /var/log/messages for 'denied' packets showed nothing... Running tcpdump on the interface would show packets coming in fxp0 for the host, going out of fxp1 to that host. On the flipside, the replies would go into fxp1 on the host, and just 'not appear' on fxp0 (destined for the Internet). Yet, internal hosts trying to connect to external machines on port 80, would work fine - as would anything connecting inbound on port 80. Has anyone seen anything like this before? - The machine had been up for 207 days before this problem happened... It was almost like the firewall had a rule saying "deny from any to any 25" - which it definitely didn't have! Looking through the logs, I did find some interesting messages, such as: " Jul 14 20:15:01 spider /kernel: ipfw: 10800 Deny UDP 194.134.135.28:31790 195. Jul 14 20:15:01 spider /kernel: 188.211.199:31789 in via fxp0 " (Why did this line get split across two syslog entries?) And, " Jul 13 19:22:56 spider /kernel: rm_class: bogus time values " (Anyone know what this means?) The machines a P200, w/16Mb RAM and running FreeBSD 2.2.7-RELEASE. It's got no services running on it, and normally sits there with about 8 processes running, and a load-average of 0.00 Rebooting the machine (which runs the same firewall config as it comes up - it's not been changed in months) fixed the problem... -Kp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?378DCDCE.B6053096>