Problems with FreeBSD
J MPZ
joompz at gmail.com
Tue Nov 4 05:11:15 PST 2008
Hi Jeremy,
I tried without none rules on ipfw FreeBSD (just "allow ip from any to any")
and error continues occurring.
How I can disable the TCP extensions?
I tried to set this value on this sysctl (sysctl net.inet.tcp.rfc1323=0) but
not work.
2008/11/3, Jeremy Chadwick <koitsu at freebsd.org>:
>
> On Mon, Nov 03, 2008 at 10:43:52PM -0200, J MPZ wrote:
> > Hi guys,
> >
> > I have some problem with my FreeBSD server. I have this:
> >
> > ######### ########### #########
> > # Linux1 # -> ASA -> Internet -> # FreeBSD # -> # Linux2 #
> > ######### ########### #########
> >
> > If I run a ssh for Linux1 to FreeBSD, my connection freeze when the
> return
> > of some command is a big text. Example:
> >
> > I make a ssh connection in the from the Linux1 to FreeBSD server, then, I
> > execute some commands, like: 'pwd', 'whoami', 'ls /'... this work
> perfectly.
> > But, if I run some command that return a big text, like as: 'ls /dev/',
> or
> > top, my connection freeze.
> >
> > In other terminal, the tcpdump continues showing packets in this
> connection
> > that was freeze.
>
> Does the FreeBSD machine run a firewall at all, e.g. pf(4)?
>
> If so, you probably have some rules which are broken. (I've seen this
> problem on FreeBSD 6.x when using rules which are not correctly
> configured to match initiate state). Also, if a firewall is in use and
> you're blocking all forms of ICMP, that would impact path MTU discovery.
> Naughty.
>
> You might also try disabling TCP extensions on the FreeBSD box to see if
> it makes any difference. Note that this can impact performance (large
> TCP window sizes won't be negotiated), but it's worth disabling for a
> test case.
>
> sysctl net.inet.tcp.rfc1323=0
>
> > If I try to access the Linux2, throught FreeBSD (redirect port on natd or
> > redirect port with rinetd), the same thing happens.
> >
> > Is this a problem with FreeBSD? Someone know how I can fix it? Some
> sysctl?
>
> --
> | Jeremy Chadwick jdc at parodius.com |
> | Parodius Networking http://www.parodius.com/ |
> | UNIX Systems Administrator Mountain View, CA, USA |
> | Making life hard for others since 1977. PGP: 4BD6C0CB |
>
>
More information about the freebsd-questions
mailing list