Strange TCP Issue

Roddie Hasan roddie at krweb.net
Wed Mar 31 15:46:30 PST 2004


Background
----------

Running FreeBSD 4.9-STABLE updated this week (though the problem goes back
at least two weeks).  This isn't a new server and has been running its
current install since the 4.1 days.  There aren't any sysctl or tuning
customizations, not really running any special or oddball services.

It's a dual-homed server running ipf/ipnat, apache, bind, mysql, and
sendmail.  Again, nothing out of the ordinary.  The ipf rules are very
relaxed, and I'm not running stateful.

The Issue
---------

Every few hours (I can't get more specific, it varies), I am unable to
establish *new* outgoing TCP connections via the outside interface (ed0).
The problem goes away after a few minutes (again, it varies), and
everything works fine.

The weird part is that existing TCP sessions remain operational and the
really weird part is that I *can* establish TCP sessions from NAT clients
going through the server.

New outbound sessions just hang - I've been using telnet to test to
various ports on servers that are up.  New inbound sessions to the server
work just fine, outbound sessions through the other NIC (xl0) work fine.
Pings in all directions work.

I've eliminated DNS and mbufs as the issue, netstat -f doesn't look
abnormal, and there aren't a whole lot of open connections.  The routing
table is simple and sane (again, NAT connections work).  I don't believe
ipf or ipnat to be the problem since the configuration is very simple and
looking at ipnat -l and ipfstat, everything seems normal.  Again, NAT
connections through the server work just fine.

As I said, the problem started about two weeks ago, I *believe* after a
buildworld, but I wouldn't bet my life on it.  There were no other changes
made to the server that I can recall that would cause this, but I'm open
to any ideas at this point.

Thanks for any help!

Roddie
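Since the bad window only lasts a few minutes and comes at irregular intervals, the most useful next step is usually to have something catch it automatically: repeat the telnet test the post describes on a timer, and the moment a fresh outbound connection hangs, snapshot the same things that "look normal" when checked by hand (netstat, ipnat -l, ipfstat, the routing table) so a snapshot from inside the window can be compared with one from outside it. The watchdog below is an added example written for this thread, not code from the post or from FreeBSD; the probe target, interval and log directory are assumptions you set via environment variables, and the sample netstat lines inside it are constructed for illustration.

```shell
#!/bin/sh
# Outbound-connect watchdog (added example, not from the original post).
# Every $INTERVAL seconds try one new outbound TCP connection; when it hangs
# rather than connects or is refused, write a timestamped snapshot of the
# counters the post lists as "normal" into $LOGDIR for later comparison.
# Assumptions (hypothetical): PROBE_HOST/PROBE_PORT is a service you control
# that is always up, so a hang is the local symptom and not the remote side.

PROBE_HOST="${PROBE_HOST:-192.0.2.10}"   # constructed placeholder (TEST-NET-1)
PROBE_PORT="${PROBE_PORT:-80}"
TIMEOUT="${TIMEOUT:-10}"                 # seconds before a connect counts as hung
INTERVAL="${INTERVAL:-60}"
LOGDIR="${LOGDIR:-/var/tmp/tcpwatch}"

# probe_once HOST PORT SECS
# telnet(1) has no connect timeout, so run it in the background and kill it
# if it is still around after SECS seconds.  Exit status: 0 connected,
# 1 refused/unreachable (a prompt failure), 2 hung (the symptom in the post).
probe_once() {
    out=$(mktemp /tmp/probe.XXXXXX) || return 3
    telnet "$1" "$2" >"$out" 2>&1 </dev/null &
    pid=$!
    waited=0
    while kill -0 "$pid" 2>/dev/null && [ "$waited" -lt "$3" ]; do
        sleep 1
        waited=$((waited + 1))
    done
    if kill -0 "$pid" 2>/dev/null; then
        kill "$pid" 2>/dev/null
        rm -f "$out"
        return 2
    fi
    if grep -q '^Connected to' "$out"; then
        rm -f "$out"
        return 0
    fi
    rm -f "$out"
    return 1
}

# count_tcp_states < netstat-an-output
# Summarise "netstat -an" lines by TCP state, one "STATE count" line each.
# A pile of SYN_SENT entries while the probe hangs says the SYNs are being
# sent and not answered; a near-constant picture says the stall is earlier.
count_tcp_states() {
    awk '$1 ~ /^tcp/ && NF >= 6 { n[$NF]++ } END { for (s in n) print s, n[s] }' | sort
}

# snapshot LABEL
# Capture everything worth comparing between a good and a bad window.
snapshot() {
    stamp=$(date +%Y%m%d-%H%M%S)
    dir="$LOGDIR/$stamp-$1"
    mkdir -p "$dir" || return 1
    netstat -m   >"$dir/netstat-m.txt"  2>&1   # mbuf usage
    netstat -an  >"$dir/netstat-an.txt" 2>&1   # every socket, with state
    netstat -rn  >"$dir/netstat-rn.txt" 2>&1   # routing table
    ipnat -l     >"$dir/ipnat-l.txt"    2>&1   # active NAT mappings
    ipfstat      >"$dir/ipfstat.txt"    2>&1   # ipf counters
    count_tcp_states <"$dir/netstat-an.txt" >"$dir/tcp-states.txt"
    echo "$dir"
}

# Only loop when explicitly asked, so the file can be sourced for its functions.
if [ "${1:-}" = "run" ]; then
    snapshot baseline >/dev/null
    while :; do
        probe_once "$PROBE_HOST" "$PROBE_PORT" "$TIMEOUT"
        rc=$?
        if [ "$rc" -eq 2 ]; then
            echo "$(date): outbound connect to $PROBE_HOST:$PROBE_PORT hung, snapshot in $(snapshot hung)"
        elif [ "$rc" -eq 1 ]; then
            echo "$(date): outbound connect refused/unreachable (not the hang symptom)"
        fi
        sleep "$INTERVAL"
    done
fi

# Constructed sample of "netstat -an" output, used to exercise count_tcp_states
# offline; the addresses are placeholders, not from the post.
SAMPLE_NETSTAT='tcp4       0      0  10.0.0.1.54321        192.0.2.10.80         ESTABLISHED
tcp4       0      0  10.0.0.1.54322        192.0.2.11.25         SYN_SENT
tcp4       0      0  10.0.0.1.54323        192.0.2.12.80         SYN_SENT
tcp4       0      0  *.80                  *.*                   LISTEN
udp4       0      0  *.53                  *.*'
```

Run it as `sh tcpwatch.sh run` from a tmux/screen session or under nohup, then diff the `hung` snapshot against `baseline` when the next stall is logged; the probe deliberately treats "refused" as a non-event so that a remote restart does not produce a false snapshot.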
