[FreeBSD] ipfilter - problemy (network unreachable a mnoho dalsich)

[Marty]

Ovladac sitovky jsem nejak nestudoval.
Jsou tam nejaky 3Comy:

Kód:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::290:27ff:fe84:40e2%fxp0 prefixlen 64 scopeid 0x1
        inet xxx netmask 0xfffffff8 broadcast xxx
        ether 00:90:27:84:40:e2
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::2d0:b7ff:fea9:8733%fxp1 prefixlen 64 scopeid 0x2
        inet xxx netmask 0xffffffc0 broadcast xxx
        ether 00:d0:b7:a9:87:33
        media: Ethernet 100baseTX <full-duplex>
        status: active
fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::2aa:ff:fead:2dc1%fxp2 prefixlen 64 scopeid 0x3
        inet 10.9.0.1 netmask 0xffffff00 broadcast 10.9.0.255
        ether 00:aa:00:ad:2d:c1
        media: Ethernet 100baseTX <full-duplex>
        status: active

fxp0 je externi, zapojena do malyho switchiku a odtamtud do routeru ISP.
fxp1 je interni s verejnou adresou, za ni je jedna sit.
fxp2 je interni s NATem do privatniho rozsahu do druhe site.

Vsechno jsou 3Comy, PL se projevuje pri monitoringu ze site 1 do site 2 i do internetu.
Jedina externi sitovka ma nastaveno autodetect na LS a duplex, protoze je v nemanagovatelnym switchi.

Co se tyce sitovek, tak muzu zkusit vymenit, ale IMHO hardwarove budou v pohode.

Jak zjistit nejake info z toho ovladace?

[Fox!MURDER]

Ovladac sitovky jsem nejak nestudoval.
Jsou tam nejaky 3Comy:

Kód:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::290:27ff:fe84:40e2%fxp0 prefixlen 64 scopeid 0x1
        inet xxx netmask 0xfffffff8 broadcast xxx
        ether 00:90:27:84:40:e2
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::2d0:b7ff:fea9:8733%fxp1 prefixlen 64 scopeid 0x2
        inet xxx netmask 0xffffffc0 broadcast xxx
        ether 00:d0:b7:a9:87:33
        media: Ethernet 100baseTX <full-duplex>
        status: active
fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::2aa:ff:fead:2dc1%fxp2 prefixlen 64 scopeid 0x3
        inet 10.9.0.1 netmask 0xffffff00 broadcast 10.9.0.255
        ether 00:aa:00:ad:2d:c1
        media: Ethernet 100baseTX <full-duplex>
        status: active

fxp0 je externi, zapojena do malyho switchiku a odtamtud do routeru ISP.
fxp1 je interni s verejnou adresou, za ni je jedna sit.
fxp2 je interni s NATem do privatniho rozsahu do druhe site.

Vsechno jsou 3Comy, PL se projevuje pri monitoringu ze site 1 do site 2 i do internetu.
Jedina externi sitovka ma nastaveno autodetect na LS a duplex, protoze je v nemanagovatelnym switchi.

Co se tyce sitovek, tak muzu zkusit vymenit, ale IMHO hardwarove budou v pohode.

Jak zjistit nejake info z toho ovladace?

3com?

Kód:

fxp - Intel EtherExpress Pro/100B ethernet device driver

jen tak cvicne muzes zkusit ifconfig fxp? link0
nepredpokladam, ze by to melo nejakej efekt, ale cvicne

jo a btw. nejaky vypojeni,zapojeni kabelu tomu nepomuze. unload reload firewallu taky ne. jediny co opravdu zabira je restart. je to tak ?

[Marty]

Jo, sorry, 3comy mam na testovacim firewallu.

Kód:

fxp0: <Intel 82559 Pro/100 Ethernet> port 0x2000-0x203f mem 0xf4300000-0xf4300fff,0xf4000000-0xf40fffff irq 17 at device 13.0 on pci0
miibus0: <MII bus> on fxp0
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:90:27:84:40:e2
fxp1: <Intel 82559 Pro/100 Ethernet> port 0x2040-0x207f mem 0xf4301000-0xf4301fff,0xf4100000-0xf41fffff irq 21 at device 14.0 on pci0
miibus1: <MII bus> on fxp1
inphy1: <i82555 10/100 media interface> on miibus1
inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: Ethernet address: 00:d0:b7:a9:87:33
fxp2: <Intel 82557 Pro/100 Ethernet> port 0x2080-0x209f mem 0xf4305000-0xf4305fff,0xf4200000-0xf42fffff irq 16 at device 16.0 on pci0
miibus2: <MII bus> on fxp2
nsphy0: <DP83840 10/100 media interface> on miibus2
nsphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp2: Ethernet address: 00:aa:00:ad:2d:c1

Nemohlo by se stat, ze se ovladac pro Intel natahne k nejakymu jinymu zarizeni? 2 Intely tam byly, ale to treti se mi nejak nezda. Checknu to.. ale az nekdy zitra.

Jinak co dela ten ifconfig link0? nic to neudelalo...


EDIT
jo, vyresi to restart serveru, reload ani restart firewallu ne. vytazeni/zatazeni kabelu netestovano, jsem vetsinou dost mimo. Ale mozna se tam dnes zastavim to zkusit.

[Fox!MURDER]

Jo, sorry, 3comy mam na testovacim firewallu.

Kód:

fxp0: <Intel 82559 Pro/100 Ethernet> port 0x2000-0x203f mem 0xf4300000-0xf4300fff,0xf4000000-0xf40fffff irq 17 at device 13.0 on pci0
miibus0: <MII bus> on fxp0
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:90:27:84:40:e2
fxp1: <Intel 82559 Pro/100 Ethernet> port 0x2040-0x207f mem 0xf4301000-0xf4301fff,0xf4100000-0xf41fffff irq 21 at device 14.0 on pci0
miibus1: <MII bus> on fxp1
inphy1: <i82555 10/100 media interface> on miibus1
inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: Ethernet address: 00:d0:b7:a9:87:33
fxp2: <Intel 82557 Pro/100 Ethernet> port 0x2080-0x209f mem 0xf4305000-0xf4305fff,0xf4200000-0xf42fffff irq 16 at device 16.0 on pci0
miibus2: <MII bus> on fxp2
nsphy0: <DP83840 10/100 media interface> on miibus2
nsphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp2: Ethernet address: 00:aa:00:ad:2d:c1

Nemohlo by se stat, ze se ovladac pro Intel natahne k nejakymu jinymu zarizeni? 2 Intely tam byly, ale to treti se mi nejak nezda. Checknu to.. ale az nekdy zitra.

Jinak co dela ten ifconfig link0? nic to neudelalo...


EDIT
jo, vyresi to restart serveru, reload ani restart firewallu ne. vytazeni/zatazeni kabelu netestovano, jsem vetsinou dost mimo. Ale mozna se tam dnes zastavim to zkusit.

link0 naleje do sitovky custom firmware ... (mimo jine by tam mel bejt tusim interrupt offloading)
co se ti u ty treti nezda?

[Marty]

Uz nic, overil jsem to - vsechno jsou to intely, takze OK.

A ten link0 bohuzel beze zmeny.

[Jezevec]

net.inet.ipf.fr_tcpidletimeout: 864000

zmensi to, ta hodnota = nezavreny TCP spojeni ti vytimeoutuje az po 10 dnech.
Nerikam, ze je to tim, ale zkus to zmensit. Melo by se jit i podivat, kolik jich mas otevrenejch, ale nevim jak, neco jako netstat ?

Pokud to pomuze, tak hledej problem v nejaky zabugovany aplikaci.

[Marty]

Zabugovanou aplikaci budu hledat tezko, bezi tam kde co, od browseru az po p2p / dc, torrent...

na otevreny spojeni se mrknu.