Hi All,
Just got an issue with a pf firewall dropping packets. Well it
*appears* to be dropping packets, but I don't think it really is.
The symptoms are, if I run 'mtr' to www.google.co.uk I get:
Hostname Last 42 pings
1. bristol-office-gw.netsig .........................................
2. 213.133.67.242 ..????......?.......??............???....
3. fa0-0-4.bris1.as8553.net .......>.................................
4. so-0-2-1.lon1.as8553.net .........................................
5. 195.66.224.125 .........................................
6. 216.239.43.120 .........................................
7. 72.14.233.81 .........................................
8. 216.239.43.34 .........................................
9. nf-in-f147.google.com .........................................
Scale: .:2 ms 1:5 ms 2:8 ms 3:15 ms a:33 ms b:50 ms c:80 ms
The pf firewall is the 2nd hop (213.133.67.242) running OpenBSD 3.9/
i386 with a pair of onboard Intel gigabit NICs (em).
So it *looks* like the firewall is dropping packets destined to it,
but not through it. I looked closer, and it looks like mtr judges
the connectivity of each hop by making sure it gets a TTL exceeded
message back. If I ping 213.133.67.242 directly, or ping
213.133.67.245 which is the carp0 address, then it works fine.
So I guess the question is, under what circumstances would OpenBSD
start dropping ICMP ttl exceeded messages back to the sender?
Currently the firewall seems to be doing 2-4000 pps.
Any ideas?
-Matt
--
Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd. Business Vision on the Internet
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting
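The distinction the post turns on, that mtr marks a hop as answering only when it receives an ICMP Time Exceeded (type 11) quoting the expired probe, whereas a direct ping is answered with an Echo Reply (type 0), is illustrated below with an added example that is not part of the original message and not mtr's own code. It builds IPv4/ICMP packets by hand, classifies received packets the way an mtr-style prober does, and renders the per-hop '.'/'?' column. The firewall address 213.133.67.242 is from the post; 192.0.2.10 and 198.51.100.20 are RFC 5737 documentation addresses standing in for the probing host and target, and the set of probes the firewall "fails to answer" is constructed for the demonstration, not a claim about what the real box did.

```python
"""Classify ICMP answers the way an mtr-style prober does (added example)."""
import ipaddress
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 8, 11
IPPROTO_ICMP = 1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, shared by the IPv4 header and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """ICMP message with checksum. For echo messages ident/seq fill the 'rest of
    header'; for Time Exceeded that field is unused, so callers pass 0, 0."""
    msg = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq) + payload
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def build_ipv4(src: str, dst: str, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 header (no options) carrying an ICMP payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      IPPROTO_ICMP, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def time_exceeded(router: str, original_datagram: bytes) -> bytes:
    """What a hop sends when a probe's TTL reaches zero: ICMP type 11 quoting the
    expired datagram's IP header plus its first 8 bytes (RFC 792)."""
    ihl = (original_datagram[0] & 0x0F) * 4
    quoted = original_datagram[: ihl + 8]
    orig_src = str(ipaddress.IPv4Address(original_datagram[12:16]))
    return build_ipv4(router, orig_src, build_icmp(ICMP_TIME_EXCEEDED, 0, 0, 0, quoted))


def classify(pkt: bytes):
    """Return ('hop', responder, seq) for a Time Exceeded that quotes one of our
    echo requests, ('dest', responder, seq) for an Echo Reply, or None for anything
    else (non-ICMP, bad checksum, unrelated ICMP)."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != IPPROTO_ICMP or inet_checksum(pkt[:ihl]) != 0:
        return None
    responder = str(ipaddress.IPv4Address(pkt[12:16]))
    icmp = pkt[ihl:]
    if inet_checksum(icmp) != 0:
        return None
    icmp_type, _code, _csum, _ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type == ICMP_ECHO_REPLY:
        return ("dest", responder, seq)
    if icmp_type == ICMP_TIME_EXCEEDED:
        inner = icmp[8:]                      # the quoted, expired datagram
        inner_ihl = (inner[0] & 0x0F) * 4
        inner_type, _c, _s, _i, inner_seq = struct.unpack("!BBHHH", inner[inner_ihl:inner_ihl + 8])
        if inner_type == ICMP_ECHO_REQUEST:
            return ("hop", responder, inner_seq)
    return None


def render_hop(answered, sent: int) -> str:
    """mtr-style column: '.' where probe seq got a Time Exceeded, '?' where it did not."""
    return "".join("." if seq in answered else "?" for seq in range(sent))


def demo() -> str:
    """Ten TTL=2 probes toward the target; the firewall (hop 2) is constructed to
    skip probes 3, 4 and 7. A direct Echo Reply from the same firewall is also fed
    in and, exactly as in the post, does not count toward the hop's column."""
    prober, firewall, target = "192.0.2.10", "213.133.67.242", "198.51.100.20"
    sent, replies = 10, []
    for seq in range(sent):
        probe = build_ipv4(prober, target, build_icmp(ICMP_ECHO_REQUEST, 0, 0x2A2A, seq, b"mtr"), ttl=2)
        if seq not in (3, 4, 7):              # constructed: these get no Time Exceeded
            replies.append(time_exceeded(firewall, probe))
    replies.append(build_ipv4(firewall, prober, build_icmp(ICMP_ECHO_REPLY, 0, 0x2A2A, 99)))
    answered = set()
    for pkt in replies:
        result = classify(pkt)
        if result and result[0] == "hop" and result[1] == firewall:
            answered.add(result[2])
    return render_hop(answered, sent)          # "...??..?.."


if __name__ == "__main__":
    print("2. 213.133.67.242", demo())
```

The point of the split in classify is that a hop's health in mtr depends on a packet the hop's own kernel must generate (the Time Exceeded), not on a packet it merely forwards and not on its willingness to answer Echo Requests, so "ping works but mtr shows loss at that hop" is consistent with the box forwarding everything and only the ICMP error path being affected. Real mtr uses raw sockets and records round-trip times; only the classification logic is reproduced here.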