Date:      Thu, 24 Jul 2008 06:21:53 -0400
From:      "Robert Jameson" <rj@dawnshosting.com>
To:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: network problems 7.0-p3: sendto: Operation not permitted
Message-ID:  <9072a4470807240321y59f827fdn287011c0336ae866@mail.gmail.com>
In-Reply-To: <9072a4470807240255v4d3f8e72gf8bfb39999b2dcbd@mail.gmail.com>
References:  <9072a4470807232259x603f46k49474f5eb309d0fa@mail.gmail.com> <20080724074919.GA36163@eos.sc1.parodius.com> <9072a4470807240255v4d3f8e72gf8bfb39999b2dcbd@mail.gmail.com>

Still don't know what's going on. I'm currently sitting here with no firewall
between me and the internet (very nervous) seeing if it fixes the problems;
as of right this moment, still seeing permission denied errors.

I have fixed the 403 errors now.

http://rj.dawnshosting.com/fbsd_ml/ now contains sysctl.conf rc.conf pf.conf

On Thu, Jul 24, 2008 at 3:49 AM, Jeremy Chadwick <koitsu@freebsd.org> wrote:

> Let's see if I can figure out the multitude of things you've posted
> about, since a bunch are unrelated and you appear to be flailing around
> with your arms in the air.  :-)


Sorry about that, bit of an information overload, I really am flailing my
arms around!

>
>
> On Thu, Jul 24, 2008 at 01:59:23AM -0400, Robert Jameson wrote:
> > (12:46 AM):(root@cube)/$ ping google.com
> > PING google.com (72.14.207.99): 56 data bytes
> > ping: sendto: Operation not permitted
>
> This usually indicates firewall rules on the local machine, although I
> believe there are some other operations where EPERM can be returned.
>

Tried running with my firewall disabled/wide; problem still occurs.

>
> > This appears to be an issue with the network.
>
> Can you provide uname -a output?  There was a "cable modem compatibility
> fix" applied to FreeBSD a while ago (a user informed me of such),
> although I do not know if it applies to you, as I do not know the
> original symptoms.  I believe that fix was also just for TCP.
>

FreeBSD cube.dawnshosting.com 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #5: Wed Jul 16 21:55:02 EDT 2008 root@cube.dawnshosting.com:/usr/obj/usr/src/sys/CUBE i386

Was the patch applied upstream? If not, and it's not too much trouble, can you
point me in the direction of it.

>
> > I have attached my rc.conf and sysctl.conf and pf.conf please let me know if
> > any other information is required.
>
> > Errors from /var/log/console.log:
> >
> > Jul 18 21:10:02 cube kernel: Jul 18 21:10:02 cube named[908]: socket: too
> > many open file descriptors
> > Jul 19 00:30:13 cube kernel: Jul 19 00:30:13 cube named[9748]: socket: too
> > many open file descriptors
> > Jul 19 00:30:54 cube kernel: Jul 19 00:30:14 cube last message repeated 28
> > times
>
> This indicates a completely different/unrelated problem.
>

Ah, thought they were related. What's causing this? :)

>
>
> > Jul 20 22:15:39 cube kernel: Limiting open port RST response from 318 to 200
> > packets/sec
>
> This indicates a high number of ICMP packets being received.  Keep in
> mind this can also be seen due to TCP connections which are being reset
> and other such things -- ICMP is at a higher layer than TCP.
>
> I don't think there's necessarily anything "wrong" with that number (you
> show up to 740), but it would be worthwhile investigating what's
> soliciting that amount of ICMP traffic.  Are you seeing this 24x7x365?


Yes, it's constant. Let it be known I also have 2 network cards in the
machine, 1 into my cable modem and another into a Linksys 16-port VPN router.
The defaultrouter is set to a WAN IP (not 10.192.240.1), not that any of
that matters, I don't think?

>
>
> > /etc/sysctl.conf
> > net.inet.icmp.icmplim=2000
> >
> > I know it seems a bit high, but I kept adjusting until the error went away.
> > (not really fixing the problem?)
>
> It's not a big high; FreeBSD's 200 default is too low for any production
> server, if you ask me.  Setting it to 2000 is probably fine.


I read a bit about it from the handbook; I think it's a non-issue.

Might be worth mentioning the only real service change to this machine was
an ircd daemon w/ about 500 users.

>
>
> > If your mail client or the mailing list prevents you from seeing the attached
> > You can view them here:
> >  http://rj.dawnshosting.com/fbsd_ml/
>
> You should discuss your firewalling rules on freebsd-pf, and not here.
> I believe you may have some mistakes which are inducing said problem.
>

I will send them an e-mail shortly, thanks.

>
> > PS: While running tcpdump I see this
> >
> > tcpdump -i fxp0
> >
> > Neither one of these IPs exists on my system; is my cable company doing
> > something wrong?
> >
> > 01:47:12.135929 arp who-has 64.253.3.161.dyn-cm-pool73.pool.hargray.net tell 64.253.3.1.dyn-cm-pool73.pool.hargray.net
> > 01:47:12.155931 arp who-has 216.16.218.141.dyn-cm-pool46.pool.hargray.net tell 216.16.218.1.dyn-cm-pool46.pool.hargray.net
> > 01:47:12.196000 arp who-has 181.131.216.67.181.static.hargray.net tell 1.131.216.67.1.static.hargray.net
>
> Nope.  This is normal behaviour for a cable modem network; they
> constantly spam layer 2 ARP for *everyone* on the entire cable network
> segment.  Yes, you read that right.
>

ah, ok, nothing to see here, keep moving.

>
> > Is this an attack?
> >
> > 01:55:41.231722 IP cube.dawnshosting.com > purple.haze.bluntroll.in: ICMP echo request, id 22055, seq 37084, length 64
> > 01:55:42.232794 IP cube.dawnshosting.com > purple.haze.bluntroll.in: ICMP echo request, id 22055, seq 37085, length 64
>
> At this rate (1 ICMP packet a second), absolutely not.  You also don't
> mention which FQDN/IP is yours; I assume "cube.dawnshosting.com", based
> on your local hostname in the above.  Your machine is sending out an
> ICMP ping packet to purple.haze.bluntroll.in every 1 second.  If you
> don't know why, you need to investigate why.
>

Correct, cube.dawnshosting.com is the actual FreeBSD machine.
Sorry for the newbish question, but off the top of your head, how can I see
who/what is using this process?

>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
>

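Added here as an example, not part of the original message: a small parser that turns the two kinds of evidence quoted in this thread (the kernel's "Limiting ... response" lines from console.log and the tcpdump ICMP echo request lines) into per-flow numbers, so you can check whether a given icmplim value actually covers the observed peak and how fast each ping flow really is. The sample log and capture lines are constructed for the example (two of them copy the post); the example.invalid host is a placeholder.

```python
# Added example, not from the post: parse the quoted console.log "Limiting"
# lines and tcpdump ICMP echo lines into numbers.  Sample data is constructed.
import re
from collections import defaultdict

LIMIT_RE = re.compile(r"Limiting (?P<kind>.+?) response from (?P<seen>\d+) to (?P<cap>\d+) packets/sec")
ECHO_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
                     r"ICMP echo request, id (?P<id>\d+), seq (?P<seq>\d+)")

CONSOLE_LOG = [  # constructed, modelled on the console.log line quoted above
    "Jul 20 22:15:39 cube kernel: Limiting open port RST response from 318 to 200 packets/sec",
    "Jul 21 03:02:11 cube kernel: Limiting open port RST response from 740 to 200 packets/sec",
]
TCPDUMP = [  # first two lines as quoted in the post; the example.invalid flow is constructed
    "01:55:41.231722 IP cube.dawnshosting.com > purple.haze.bluntroll.in: ICMP echo request, id 22055, seq 37084, length 64",
    "01:55:42.232794 IP cube.dawnshosting.com > purple.haze.bluntroll.in: ICMP echo request, id 22055, seq 37085, length 64",
    "02:00:00.000000 IP cube.dawnshosting.com > example.invalid: ICMP echo request, id 7, seq 1, length 64",
    "02:00:00.300000 IP cube.dawnshosting.com > example.invalid: ICMP echo request, id 7, seq 4, length 64",
]

def to_seconds(hms):  # HH:MM:SS.ffffff -> seconds since midnight
    return sum(float(x) * f for x, f in zip(hms.split(":"), (3600, 60, 1)))

def limit_events(lines, icmplim):
    """(kind, peak_pps, exceeds_icmplim) per kernel limiting line, for the icmplim you intend to set."""
    out = []
    for line in lines:
        m = LIMIT_RE.search(line)
        if m:
            seen = int(m["seen"])
            out.append((m["kind"], seen, seen > icmplim))
    return out

def echo_flows(lines):
    """Group echo requests by (src, dst, id): count, packets/sec over the span, missing seqs."""
    flows = defaultdict(list)
    for line in lines:
        m = ECHO_RE.match(line)
        if m:
            flows[(m["src"], m["dst"], int(m["id"]))].append((to_seconds(m["ts"]), int(m["seq"])))
    report = {}
    for key, pkts in flows.items():
        pkts.sort()
        span = pkts[-1][0] - pkts[0][0]
        pps = (len(pkts) - 1) / span if span > 0 else float("inf")
        seqs = [s for _, s in pkts]
        report[key] = {"packets": len(pkts), "pps": round(pps, 2),
                       "missing_seqs": sum(b - a - 1 for a, b in zip(seqs, seqs[1:]))}
    return report
```

With icmplim=2000 neither logged peak (318, 740) is still over the limit, while the quoted ping flow works out to 1.0 packet/sec, matching the "absolutely not an attack" reading above.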