Problems with IPFW causing failed DNS and FTP sessions
Don O'Neil
lists at lizardhill.com
Mon Apr 1 03:36:55 UTC 2013
Hi everyone. Recently my server started having issues with DNS and FTP
sessions either not resolving or timing out. I've tracked the issue down to
IPFW. If I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away.
I have the basic rules like this for DNS:
01160 allow udp from any to any dst-port 53 in keep-state
01161 allow tcp from any to any dst-port 53 in keep-state
01162 allow udp from any to any dst-port 53 out keep-state
01163 allow tcp from any to any dst-port 53 out keep-state
When I try an nslookup, sometimes they fail, sometimes they get through, even
if I change my DNS server to Google, my ISP, or even OpenDNS. The firewall
seems to be causing the issue.
I have about 65 rules in all.
Any ideas what could be causing this? My server load is low, usually
hovering around 0.2.
How can I look at the actual amount of traffic that the IPFW module is
processing and track down potential performance issues? My server isn't
pushing much data, only around 4-5 Mbps sustained.
Thanks!
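The question at the end of the post (how to see what IPFW is actually processing) is answerable from the box itself: `ipfw -a list` prints cumulative packet and byte counters per rule (reset them with `ipfw zero` and read again after a minute to get a rate), `ipfw -d list` appends the dynamic entries created by keep-state rules, and the sysctls net.inet.ip.fw.dyn_count and net.inet.ip.fw.dyn_max show how full the dynamic state table is. A full dynamic table is one thing worth checking when keep-state rules for short-lived UDP traffic like DNS behave intermittently, since ipfw cannot install state for a new match once the table is full. The helper below is an added example, not code from the original post or from FreeBSD; the sample `ipfw` output embedded in it is constructed for illustration and the exact layout of real `ipfw -d list` lines is an assumption, so verify it against your own output before relying on the parsing.

```shell
#!/bin/sh
# Added example (not from the original post): summarize per-rule traffic and
# dynamic-state pressure from ipfw's own output. Run live as root on the
# FreeBSD box with "./ipfw_stats.sh --live"; without --live it only analyzes
# the constructed sample data below.

# Constructed sample of `ipfw -a list`: rule, packets, bytes, rule text.
SAMPLE_STATIC='00100       12       960 allow ip from any to any via lo0
01160    48213   3857040 allow udp from any to any dst-port 53 in keep-state
01161       17      1360 allow tcp from any to any dst-port 53 in keep-state
01162    51990   4159200 allow udp from any to any dst-port 53 out keep-state
01163        9       720 allow tcp from any to any dst-port 53 out keep-state
65535      301     24080 deny ip from any to any'

# Constructed sample of the dynamic section of `ipfw -d list`. The layout is
# an assumption; the only thing relied on is the word STATE on each entry.
SAMPLE_DYNAMIC='## Dynamic rules (3 4096):
01160       1        76 (9s) STATE udp 192.0.2.10 5353 <-> 10.0.0.53 53
01162       1        80 (3s) STATE udp 10.0.0.53 54211 <-> 8.8.8.8 53
01162       1        80 (7s) STATE udp 10.0.0.53 54212 <-> 8.8.8.8 53'

# Print static rules sorted by packet count, busiest first.
# Reads `ipfw -a list` output on stdin; dynamic entries are skipped.
busiest_rules() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $0 !~ /STATE/ {
            printf "%s %s %s", $1, $2, $3
            for (i = 4; i <= NF; i++) printf " %s", $i
            printf "\n"
         }' | sort -k2,2nr
}

# Count dynamic (keep-state) entries in `ipfw -d list` output on stdin.
# grep -c prints 0 and exits non-zero when nothing matches, hence "|| true".
dyn_count() {
    grep -c ' STATE ' || true
}

# Percentage of the dynamic table in use, given current count and dyn_max.
dyn_pressure() {
    count="$1"
    max="$2"
    if [ "$max" -gt 0 ]; then
        echo $(( count * 100 / max ))
    else
        echo 0
    fi
}

if [ "${1:-}" = "--live" ]; then
    echo "== busiest rules (packets/bytes since last 'ipfw zero') =="
    ipfw -a list | busiest_rules | head -n 10
    cur=$(sysctl -n net.inet.ip.fw.dyn_count)
    max=$(sysctl -n net.inet.ip.fw.dyn_max)
    echo "== dynamic state table: $cur/$max ($(dyn_pressure "$cur" "$max")% used) =="
    echo "== STATE entries listed by ipfw -d list: $(ipfw -d list | dyn_count) =="
    echo "== UDP state lifetime (s): $(sysctl -n net.inet.ip.fw.dyn_udp_lifetime) =="
else
    echo "== sample: busiest rules =="
    printf '%s\n' "$SAMPLE_STATIC" | busiest_rules
    n=$(printf '%s\n' "$SAMPLE_DYNAMIC" | dyn_count)
    echo "== sample: $n dynamic entries, $(dyn_pressure "$n" 4096)% of a 4096-entry table =="
fi
```

If the live run shows dyn_count sitting near dyn_max, or the counters on the keep-state DNS rules climbing while the final deny rule's counter also climbs during failed lookups, that points at state-table exhaustion rather than at rule ordering; raising net.inet.ip.fw.dyn_max or shortening net.inet.ip.fw.dyn_udp_lifetime are the usual knobs to try, and the counters before and after an `ipfw zero` tell you whether the change helped.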