Re: network problems 7.0-p3: sendto: Operation not permitted

On Thu, Jul 24, 2008 at 06:21:53AM -0400, Robert Jameson wrote:
Still don't know what's going on. I'm currently sitting here with no firewall
between me and the internet (very nervous) seeing if it fixes the problems;
as of right this moment, still seeing permission denied errors.

Okay, then the problem isn't with pf, although f/w rules are the only
thing I've personally experienced which induces those messages.

How did you disable the firewall, by the way?

Can you provide uname -a output? There was a "cable modem compatibility
fix" applied to FreeBSD a while ago (a user informed me of such),
although I do not know if it applies to you, as I do not know the
original symptoms. I believe that fix was also just for TCP.


FreeBSD cube.dawnshosting.com 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #5: Wed
Jul 16 21:55:02 EDT 2008
root@xxxxxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/CUBE
i386

Was the patch applied upstream? If not, and it's not too much trouble, can you
point me in the direction of it.

The patch was applied to RELENG_7 on March 13th and RELENG_7_0 on June
19th. I don't know which tag you're tracking for src, so I can't tell
you if you've got the patch or not:

1.141.2.4 +10 -2 src/sys/netinet/tcp_output.c
1.157.2.2 +5 -2 src/sys/netinet/tcp_var.h

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_output.c
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_var.h

For a discussion of this (read between the lines):

http://lists.freebsd.org/pipermail/freebsd-stable/2008-July/043595.html

Jul 20 22:15:39 cube kernel: Limiting open port RST response from 318 to 200 packets/sec

This indicates a high number of ICMP packets being received. Keep in
mind this can also be seen due to TCP connections which are being reset
and other such things -- ICMP is at a higher layer than TCP.

I don't think there's necessarily anything "wrong" with that number (you
show up to 740), but it would be worthwhile investigating what's
soliciting that amount of ICMP traffic. Are you seeing this 24x7x365?


Yes, it's constant. Let it be known I also have 2 network cards in the
machine, 1 into my cable modem and another into a Linksys 16-port VPN router.
The defaultrouter is set to a WAN IP (not 10.192.240.1), not that any of
that matters, I don't think?

No one will know without you describing your network (with IPs and
netmasks), and providing netstat -rn output.

/etc/sysctl.conf
net.inet.icmp.icmplim=2000

I know it seems a bit high, but I kept adjusting until the error went
away. (Not really fixing the problem?)

It's not that high; FreeBSD's 200 default is too low for any production
server, if you ask me. Setting it to 2000 is probably fine.


I read a bit about it from the handbook; I think it's a non-issue.

Might be worth mentioning the only real service change to this machine was
an ircd daemon w/ about 500 users.

I see. God help you.

Your file descriptor problem with bind may be because of this. IRC
servers commonly chew socket resources at a crazy rate, especially if
you're under some form of TCP-based attack (which might also explain the
ICMP errors, induced by TCP RST). You may want to look at the
kern.maxfiles and kern.maxfilesperproc sysctls, and read this.

http://www.freebsd.org/doc/en/books/handbook/configtuning-kernel-limits.html

I don't mean to be rude, but I'd highly recommend avoiding running a public
IRC server unless you have significant familiarity with your OS, network
topology, and have a very robust firewall (read: Cisco or Juniper) *in
front* of the machine acting as an IRC server -- and even then, ask
yourself if it's worth it. IRC servers are harassment magnets, and you
will end up being the target of that harassment.

Is this an attack?

01:55:41.231722 IP cube.dawnshosting.com > purple.haze.bluntroll.in: ICMP echo request, id 22055, seq 37084, length 64
01:55:42.232794 IP cube.dawnshosting.com > purple.haze.bluntroll.in: ICMP echo request, id 22055, seq 37085, length 64

At this rate (1 ICMP packet a second), absolutely not. You also don't
mention which FQDN/IP is yours; I assume "cube.dawnshosting.com", based
on your local hostname in the above. Your machine is sending out an
ICMP ping packet to purple.haze.bluntroll.in every 1 second. If you
don't know why, you need to investigate why.


Correct, cube.dawnshosting.com is the actual FreeBSD machine.
Sorry for the newbish question, but off the top of your head, how can I see
who/what is using this process?

FreeBSD comes with sockstat, which should suffice for this.

--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |

_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"
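An added triage script, not from the thread or from FreeBSD itself, that puts numbers on the two things the reply above asks about: how many ICMP echo requests each source/destination pair is sending per second in tcpdump output (the "1 ICMP packet a second" judgement), and the highest rate the kernel has reported in its "Limiting ... response from N to M packets/sec" messages, compared against net.inet.icmp.icmplim. The tcpdump and kernel-log samples are constructed: the lines quoted in the thread plus made-up lines from 198.51.100.7, a documentation address. The suggest_icmplim rounding rule is this example's own choice, not a FreeBSD recommendation, and the per-second bucketing assumes tcpdump's default HH:MM:SS.frac timestamps.

```shell
#!/bin/sh
# Added triage helper (example code, not from the thread or from FreeBSD).
# Two inputs are examined:
#   1. tcpdump output, to count ICMP echo requests per src/dst pair and the
#      peak number seen in any one wall-clock second;
#   2. kernel log lines such as
#      "Limiting open port RST response from 318 to 200 packets/sec",
#      to find the highest rate the kernel has had to clamp and compare it
#      with net.inet.icmp.icmplim.

# Constructed sample: the two lines quoted in the thread plus a made-up burst
# from 198.51.100.7 (a documentation address) landing in the same second.
SAMPLE_TCPDUMP='01:55:41.231722 IP cube.dawnshosting.com > purple.haze.bluntroll.in: ICMP echo request, id 22055, seq 37084, length 64
01:55:42.232794 IP cube.dawnshosting.com > purple.haze.bluntroll.in: ICMP echo request, id 22055, seq 37085, length 64
01:55:42.400001 IP 198.51.100.7 > cube.dawnshosting.com: ICMP echo request, id 1, seq 1, length 1400
01:55:42.400120 IP 198.51.100.7 > cube.dawnshosting.com: ICMP echo request, id 1, seq 2, length 1400
01:55:42.400230 IP 198.51.100.7 > cube.dawnshosting.com: ICMP echo request, id 1, seq 3, length 1400
01:55:42.400350 IP 198.51.100.7 > cube.dawnshosting.com: ICMP echo request, id 1, seq 4, length 1400
01:55:42.400470 IP 198.51.100.7 > cube.dawnshosting.com: ICMP echo request, id 1, seq 5, length 1400
01:55:43.100000 IP purple.haze.bluntroll.in > cube.dawnshosting.com: ICMP echo reply, id 22055, seq 37085, length 64'

# Constructed sample: the kernel line from the thread plus made-up neighbours,
# including the 740 figure mentioned in the reply, and one unrelated line.
SAMPLE_KLOG='Jul 20 22:15:39 cube kernel: Limiting open port RST response from 318 to 200 packets/sec
Jul 20 22:16:41 cube kernel: Limiting open port RST response from 740 to 200 packets/sec
Jul 20 22:17:02 cube kernel: Limiting icmp unreach response from 233 to 200 packets/sec
Jul 20 22:17:03 cube kernel: em0: link state changed to UP'

# stdin: tcpdump output.  stdout: one line per src/dst pair, sorted:
#   "<src> > <dst> total=<requests> peak_per_sec=<max in one second>"
# Only echo requests are counted; replies and other ICMP types are ignored.
rate_icmp_pairs() {
    awk '
    /ICMP echo request/ {
        dst = $5; sub(/:$/, "", dst)          # "host:" -> "host"
        pair = $3 " > " dst
        sec = substr($1, 1, 8)                # HH:MM:SS bucket
        total[pair]++
        bucket[pair, sec]++
        if (bucket[pair, sec] > peak[pair]) peak[pair] = bucket[pair, sec]
    }
    END {
        for (p in total)
            printf "%s total=%d peak_per_sec=%d\n", p, total[p], peak[p]
    }' | sort
}

# stdin: /var/log/messages or dmesg text.  stdout: the highest "from N" rate
# the kernel reported across all of its bandwidth-limit message types.
peak_rst_limit() {
    awk '
    /Limiting (open port RST|closed port RST|icmp unreach|icmp ping|icmp tstamp) response from/ {
        for (i = 1; i <= NF; i++)
            if ($i == "from") { n = $(i + 1) + 0; if (n > max) max = n }
    }
    END { print max + 0 }'
}

# $1 = peak rate from the log, $2 = current net.inet.icmp.icmplim.
# Prints the current limit if it already covers the peak, otherwise the peak
# rounded up to the next multiple of 100 (this example's own rule).
suggest_icmplim() {
    _peak=$1; _cur=$2
    if [ "$_peak" -le "$_cur" ]; then
        echo "$_cur"
    else
        echo $(( (_peak + 99) / 100 * 100 ))
    fi
}

# Run on the constructed samples when executed directly.
printf '%s\n' "$SAMPLE_TCPDUMP" | rate_icmp_pairs
_p=$(printf '%s\n' "$SAMPLE_KLOG" | peak_rst_limit)
echo "peak kernel-reported rate: $_p; suggested icmplim: $(suggest_icmplim "$_p" 200)"
```

On a real host the inputs would come from `tcpdump -i <interface> icmp` and `grep Limiting /var/log/messages`; the 1-per-second pair is the outbound ping Jeremy identifies, while a pair with a high peak_per_sec is what would justify looking at pf rules or the IRC user base. Once the sending pair is known, `sockstat` (as the reply suggests) maps it to the process.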
