Hello,
I'm trying to investigate tcp-179 connection issues with the
local frr setup. See below for more background.
The question is: What can I do to find the cause of the failing
connection ? Is there a way to trace the incoming packet to see
if it ever ends up at bgpd process ?
Background: a f
Hello,
> The basic ipfw firewall is active, but
but set to 'firewall_type="OPEN"' in /etc/rc.conf
--
p...@freebsd.org +49 171 3101372 Now what ?
> On 12. Nov 2021, at 14:09, Kurt Jaeger wrote:
>
> Hello,
>
> I'm trying to investigate tcp-179 connection issues with the
> local frr setup. See below for more background.
>
> The question is: What can I do to find the cause of the failing
> connection ? Is there a way to trace the incoming p
Hi!
> > The basic ipfw firewall is active, but
> Does it work, if you disable ipfw?
No, unfortunatly not.
--
p...@freebsd.org +49 171 3101372 Now what ?
Hi!
Changing interface flags does not change the status as well:
$ ifconfig ix0
ix0: flags=8943 metric 0 mtu
1500
options=8000a8
--
p...@freebsd.org +49 171 3101372 Now what ?
> On 12. Nov 2021, at 16:06, Kurt Jaeger wrote:
>
> Hi!
>
>>> The basic ipfw firewall is active, but
>> Does it work, if you disable ipfw?
>
> No, unfortunatly not.
OK. Can you provide the output of
netstat -sptcp
after some packets were dropped.
Best regards
Michael
>
> --
> p...@freebsd.or
Hi!
> >>> The basic ipfw firewall is active, but
> >> Does it work, if you disable ipfw?
> > No, unfortunatly not.
> OK. Can you provide the output of
> netstat -sptcp
> after some packets were dropped.
https://people.freebsd.org/~pi/logs/netstat-t1.txt
https://people.freebsd.org/~pi/logs/netst
> On 12. Nov 2021, at 16:29, Kurt Jaeger wrote:
>
> Hi!
>
> The basic ipfw firewall is active, but
Does it work, if you disable ipfw?
>
>>> No, unfortunatly not.
>
>> OK. Can you provide the output of
>> netstat -sptcp
>> after some packets were dropped.
>
> https://people.freebsd.or
Hi!
> >> OK. Can you provide the output of
> >> netstat -sptcp
> >> after some packets were dropped.
> Not sure why you provide two outputs.
I did on the dest host:
netstat -sptcp
then a few
telnet 179
then a second
netstat -sptcp
That's why I provided two outputs.
There's one small diff
Hello,
> > Background: a fbsd 13.0p4 amd64 box, with a frr-7.4_4 (or 7.5.1_3)
> > fails to act on incoming ipv4 tcp 179 connections.
That box above (c5) fails to speak to a 12.2-RELEASE-p7 box (c1).
I have a second case, between a 12.2-RELEASE-p1 and this 12.2-RELEASE-p7
box (c9), same failure.
12.11.2021 20:31, Kurt Jaeger пишет:
That's why I provided two outputs.
There's one small diff between the two that I do not understand:
- 18040 times no signature provided by segment
+ 18045 times no signature provided by segment
Hello,
This means, that received TCP segment has
Hi!
> > There's one small diff between the two that I do not understand:
> >
> > - 18040 times no signature provided by segment
> > + 18045 times no signature provided by segment
>
> This means, that received TCP segment has not TCP-MD5 signature, but
> listen socket expects it. Such
Hi!
> > > There's one small diff between the two that I do not understand:
> > > - 18040 times no signature provided by segment
> > > + 18045 times no signature provided by segment
> >
> > This means, that received TCP segment has not TCP-MD5 signature, but
> > listen socket expects
13 matches
Mail list logo