From: Nikos Vassiliadis
To: freebsd-questions@freebsd.org
Cc: Perttu Laine
Date: Tue, 28 Feb 2006 13:23:23 +0200
Subject: Re: imap problem with blackhole
Message-Id: <200602281323.24012.nvass@teledomenet.gr>

On Sunday 26 February 2006 14:26, Perttu Laine wrote:
> Hello!
>
> I have problem with imap. Works fine if blackhole (tcp) is set to 0, but I
> set it 1 or 2 imap stops responding (timeouts). Dovecot imap and freebsd
> 5.4. So. What could be case here?

I suspect that it's trying to do something to localhost and
doesn't get a reply back. Many programs behave like that,
in my case kmail. It was trying to use rpc, other programs
try to use ident.

So, first find out what it's trying to do, use netstat -nafinet
and you'll see some TCP sockets in SYN_SENT state, for example:

nik:0:~$ telnet 127.1 &
[1] 75027
nik:1:~$ Trying 127.0.0.1...
netstat -nafinet
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.56239        127.0.0.1.23           SYN_SENT
[...]

telnet will time out eventually. The kernel never sends a TCP reset
there 'cause tcp.blackhole=1

step 2, use your favorite firewall to return an active reply (TCP reset),
in my case:

root:0:~# pfctl -srules
No ALTQ support in kernel
ALTQ related functions disabled
block return in inet proto tcp from 127.0.0.1 to 127.0.0.1 port = sunrpc
block return in inet proto udp from 127.0.0.1 to 127.0.0.1 port = sunrpc
block drop in log inet proto tcp from any to any port 6000:6010 flags S/SA
root:0:~#

perhaps in a more complex situation (UDP) you should use a packet filter
to log everything that goes through the loopback interface.

Are you using TCP AND UDP blackhole?

HTH, Nikos

>
> --
> kpn @ IRCnet
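
The two steps in the reply above (find loopback sockets stuck in SYN_SENT, then have the firewall answer them with a reset), as an added example that is not part of the original message. The function names and the sample netstat lines are constructed for illustration, and it covers TCP only, since UDP sockets have no SYN_SENT state.

```shell
#!/bin/sh
# Added example: not from the original post.
# Reads FreeBSD `netstat -n -a -f inet` output on stdin and prints the
# loopback ports that local clients are stuck connecting to (SYN_SENT),
# one per line, sorted and de-duplicated.
stuck_loopback_ports() {
    awk '
        $1 ~ /^tcp4?$/ && $NF == "SYN_SENT" {
            # FreeBSD prints address.port; the port follows the last dot.
            n = split($5, part, "[.]")
            port = part[n]
            addr = substr($5, 1, length($5) - length(port) - 1)
            if (addr == "127.0.0.1" && port ~ /^[0-9]+$/) print port
        }' | sort -n -u
}

# Turns those ports into pf.conf lines shaped like the rules shown in the post
# ("block return" answers with a TCP reset instead of silently dropping).
pf_rules_for_ports() {
    while read -r port; do
        [ -n "$port" ] || continue
        printf 'block return in inet proto tcp from 127.0.0.1 to 127.0.0.1 port %s\n' "$port"
    done
}

# Constructed sample input, modelled on the netstat output in the post.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.56239        127.0.0.1.23           SYN_SENT
tcp4       0      0  127.0.0.1.56240        127.0.0.1.111          SYN_SENT
tcp4       0      0  127.0.0.1.56241        127.0.0.1.111          SYN_SENT
tcp4       0      0  192.0.2.10.51000       192.0.2.20.143         SYN_SENT
tcp4       0      0  *.143                  *.*                    LISTEN
udp4       0      0  *.514                  *.*
EOF
}

sample_netstat | stuck_loopback_ports | pf_rules_for_ports
```

On a live host, pipe `netstat -nafinet` into `stuck_loopback_ports` instead of `sample_netstat`. The generated rules only take effect if pf is not configured to skip the loopback interface.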