syncache_timer: Response timeout and other msgs, what's up?

Andre Oppermann andre at freebsd.org
Mon Feb 4 00:41:35 PST 2008


Oskar Eyb wrote:
> 
> Andre Oppermann wrote on 03.02.2008 10:26:
>>> 85.214.42.62 is the other MTA, 172.16.0.2 is my jail.
>>> I use PF with rdr/nat on FreeBSD 7 RC4.
>>
>> We have not released 7RC4 yet.  You probably run BETA4.  An upgrade to
>> 7RC1 or 7RC2 in the next few days fixes all known TCP bugs.
> 
> Yeah of course, I mean BETA4. uname says: 7.0-PRERELEASE
> 
> Which tag is the best?
> Currently I use release=cvs tag=RELENG_7. Will I get 7RC.. with this?

Yes.  Please cvsup and recompile your kernel.

>> Other than that it looks like your PF rule set may not be entirely
>> correct.  Please post your pf.conf.
> 
> 
> Except for the filter rules, this is the top of my pf.conf
> 
> <some macros>
> 
> set timeout { interval 30, frag 10 }
> set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
> set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
> set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
> set timeout { icmp.first 20, icmp.error 10 }
> set timeout { other.first 60, other.single 30, other.multiple 60 }
> 
> 
> # Normalization
> #scrub in all
> 
> set optimization normal
> set block-policy return

This information is insufficient to see what happens in PF.  I need to
see the actual firewall, nat and rdr rules.  You can send them to me by
private mail (entire pf.conf).

-- 
Andre
