On Sun, Jun 28, 2015 at 10:06:09AM +0200, Milan Obuch wrote:
> So, now I am at 10.2-PRERELEASE, r284884, and the issue is still here.
> It is totally weird, just change of IP the device is being natted to
> makes the issue disappear for this particular customer, but as soon as
> this exact IP is u
On Mon, 29 Jun 2015 08:58:38 +0200
Daniel Hartmeier wrote:
> On Sun, Jun 28, 2015 at 10:06:09AM +0200, Milan Obuch wrote:
>
> > So, now I am at 10.2-PRERELEASE, r284884, and the issue is still
> > here. It is totally weird, just change of IP the device is being
> > natted to makes the issue disa
Milan Obuch wrote:
> On Mon, 29 Jun 2015 08:58:38 +0200
> Daniel Hartmeier wrote:
>
> > On Sun, Jun 28, 2015 at 10:06:09AM +0200, Milan Obuch wrote:
> >
> > > So, now I am at 10.2-PRERELEASE, r284884, and the issue is still
> > > here. It is totally weird, just change of IP the device is being
>
On Mon, 29 Jun 2015 09:49:10 +0200
Ian FREISLICH wrote:
> Milan Obuch wrote:
> > On Mon, 29 Jun 2015 08:58:38 +0200
> > Daniel Hartmeier wrote:
> >
> > > On Sun, Jun 28, 2015 at 10:06:09AM +0200, Milan Obuch wrote:
> > >
> > > > So, now I am at 10.2-PRERELEASE, r284884, and the issue is still
On Sun, Jun 28, 2015 at 10:06:09AM +0200, Milan Obuch wrote:
> So, now I am at 10.2-PRERELEASE, r284884, and the issue is still here.
> It is totally weird, just change of IP the device is being natted to
> makes the issue disappear for this particular customer, but as soon as
> this exact IP is u
On Mon, 29 Jun 2015, Milan Obuch wrote:
> Thanks for hint, there is some logic in there, however
>
> grep /etc/*
>
> yields nothing, it is never mentioned in any config, just as part of
> pool in pf.conf statement
What about "grep -r"? My ACLs are under /etc/mail, for example.
--
Dave Horsf
On Mon, 29 Jun 2015 10:26:54 +0200
Daniel Hartmeier wrote:
> On Sun, Jun 28, 2015 at 10:06:09AM +0200, Milan Obuch wrote:
>
> > So, now I am at 10.2-PRERELEASE, r284884, and the issue is still
> > here. It is totally weird, just change of IP the device is being
> > natted to makes the issue disa
On Mon, 29 Jun 2015 18:18:26 +1000 (EST)
Dave Horsfall wrote:
> On Mon, 29 Jun 2015, Milan Obuch wrote:
>
> > Thanks for hint, there is some logic in there, however
> >
> > grep /etc/*
> >
> > yields nothing, it is never mentioned in any config, just as part of
> > pool in pf.conf statement
>
On Mon, Jun 29, 2015 at 10:52:01AM +0200, Milan Obuch wrote:
> Does this answerred your question fully or something more would be
> usefull?
Which one is the magical IP address, i.e. the one that causes trouble
once it's being used (I guess from x.y.26.0/27)?
It's always the same one, even acros
On Mon, 29 Jun 2015 11:04:48 +0200
Daniel Hartmeier wrote:
> On Mon, Jun 29, 2015 at 10:52:01AM +0200, Milan Obuch wrote:
>
> > Does this answerred your question fully or something more would be
> > usefull?
>
> Which one is the magical IP address, i.e. the one that causes trouble
> once it's b
On Mon, Jun 29, 2015 at 10:52:01AM +0200, Milan Obuch wrote:
> Does this answerred your question fully or something more would be
> usefull?
How are you doing ARP?
You're not assigning every address on x.y.26.0/23 as an alias, are you?
So who answers ARP requests of the upstream router?
Daniel
On Mon, 29 Jun 2015 11:29:32 +0200
Daniel Hartmeier wrote:
> On Mon, Jun 29, 2015 at 10:52:01AM +0200, Milan Obuch wrote:
>
> > Does this answerred your question fully or something more would be
> > usefull?
>
> How are you doing ARP?
>
> You're not assigning every address on x.y.26.0/23 as an
Milan Obuch wrote:
> On Mon, 29 Jun 2015 11:29:32 +0200
> Daniel Hartmeier wrote:
>
> > On Mon, Jun 29, 2015 at 10:52:01AM +0200, Milan Obuch wrote:
> >
> > > Does this answerred your question fully or something more would be
> > > usefull?
> >
> > How are you doing ARP?
> >
> > You're not assi
On Sun, Jun 21, 2015 at 01:32:36PM +0200, Milan Obuch wrote:
> One observation, on pfctl -vs info output - when src-limit counters
> rises to 30 or so, I am getting first messages someone has problem. Is
> it only coincidence or is there really some relation to my problem?
This might be a clue. T
On Mon, 29 Jun 2015 12:42:22 +0200
Ian FREISLICH wrote:
> Milan Obuch wrote:
> > On Mon, 29 Jun 2015 11:29:32 +0200
> > Daniel Hartmeier wrote:
> >
> > > On Mon, Jun 29, 2015 at 10:52:01AM +0200, Milan Obuch wrote:
> > >
> > > > Does this answerred your question fully or something more would
>
Milan Obuch wrote:
>
> No, there were not much states per problematic IP, maybe just tens of
> them for one or couple internal IPs. That's weird.
What's the output of 'pfctl -sa' (without the states).
Ian
--
Ian Freislich
___
freebsd-pf@freebsd.org m
On Mon, 29 Jun 2015 12:46:14 +0200
Daniel Hartmeier wrote:
> On Sun, Jun 21, 2015 at 01:32:36PM +0200, Milan Obuch wrote:
>
> > One observation, on pfctl -vs info output - when src-limit counters
> > rises to 30 or so, I am getting first messages someone has problem.
> > Is it only coincidence o
On Mon, 29 Jun 2015 12:58:32 +0200
Ian FREISLICH wrote:
> Milan Obuch wrote:
> >
> > No, there were not much states per problematic IP, maybe just tens
> > of them for one or couple internal IPs. That's weird.
>
> What's the output of 'pfctl -sa' (without the states).
>
> Ian
>
Well, it has
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193620
Sean Bruno changed:
What|Removed |Added
Status|New |In Progress
--- Comment #1 from Sean
19 matches
Mail list logo
