Re: IPF dropping my TCP sessions
Martti Kuparinen wrote:
I have big problems with IPF 4.1.29 on NetBSD 5.0_RC2. I had two SSH
sessions open and they were visible as
Source IP          Destination IP       ST    PR   #pkts
10.0.18.3,36821    xxx.xxx.xxx.130,22   4/4   tcp  213
10.0.18.3,45536    xxx.xxx.xxx.140,22   4/4   tcp  43
Later (say 15 minutes or so, i.e. not even close to the TTL) I noticed
both my SSH sessions were unresponsive so I logged into the firewall
and saw no state entries for my SSH sessions.
Anyone else having similar problems with IPF on NetBSD 5.0?
This might in fact be ipnat related as I have no problems at work where
the firewall is running NetBSD/amd64 5.0_RC2 but we are using public IP
addresses and no NAT at all...
I found a "solution" for my problem: I added
*/10 * * * * /sbin/ipf -F s
to /var/cron/tabs/root and now things work much better again. Here's a graph
from my firewall; I installed the cron job yesterday evening, so you can clearly
see the number of sessions go down with this flushing job.
I don't know if flushing every 10 minutes ("*/10 *") is overkill, maybe once per
hour ("* */1") or so would be enough. Anyway, so far everything has been stable
without any connection breaks...