(PM) PM2E-30 Filter Problem (Long and Wide)

lashby@texramp.net
Wed, 26 Nov 1997 21:33:47 +0000

Hello,

I've got a weird one. For no apparent reason, connections for a few
users will randomly be blocked. The flaky box has been in service
for 18 months, with very few hiccups. About a month ago, I upgraded
it from 1 to 4Mb RAM. I was seeing the same thing before the
upgrade, but it seemed to happen a lot more often. This is the first
time it's happened since the upgrade. The information below is what
I managed to gather before I had to reboot it. FWIW, the reboot
seems to cure it for a while. The user having trouble is on port S9,
and has been assigned IP address 205.230.0.32.

pm1> ver
Livingston PortMaster PM-2e ComOS 3.7.2
System uptime is 14 days 1 hours 24 minutes

pm1> sho mem
System memory 4194304 bytes - 994556 used, 3199748 available
576:1 96:24 1152:1 640:1 128:32 560:6 2048:13 32:10 4240:3 144:24
80:20 176:2 16:171 160:14 48:24
System nbufs 1400 - 71 used, 1329 available

pm1> sho sess
Port User Host/Inet/Dest Type Dir Status Start Idle
---- --------------- ---------------- ------- --- -------------- ----- ------
S0 jstaceyl ts0102.texramp.n Netwrk In ESTABLISHED 2:14 0
S1 kis kis.texramp.net Netwrk In ESTABLISHED 12:10 12:09
S2 - - Log/Net In IDLE 0 0
S3 timallen ts0103.texramp.n Netwrk In ESTABLISHED 21 0
S4 artibbs artibbs.com Netwrk In ESTABLISHED 5days 0
S5 mckethan ts0126.texramp.n Netwrk In ESTABLISHED 45 1
S6 cstill ts0125.texramp.n Netwrk In ESTABLISHED 37 0
S7 - - Log/Net In IDLE 0 0
S8 tibstuff ts0127.texramp.n Netwrk In ESTABLISHED 20 0
S9 clayr ts0116.texramp.n Netwrk In ESTABLISHED 10 10
S10 jagit ts0119.texramp.n Netwrk In ESTABLISHED 1:43 0
S11 klatchgw cklatch-gw.texra Netwrk In ESTABLISHED 1days 0
S12 klatchgw cklatch-gw.texra Netwrk In ESTABLISHED 6:49 1:27
S13 tate ts0101.texramp.n Netwrk In ESTABLISHED 30 0
S14 - - Log/Net In IDLE 0 0
S15 - - Log/Net In IDLE 0 0
S16 - - Log/Net In IDLE 0 0
-- Press Return for More -- q

sho s9
----------------------- Current Status - Port S9 ---------------------------
Status: ESTABLISHED
Input: 41047559 Parity Errors: 0
Output: 313360660 Framing Errors: 0
Pending: 0 Overrun Errors: 0
Modem Status: DCD+ CTS+

Active Configuration Default Configuration
-------------------- ---------------------
Port Type: Netwrk Login/Netwrk (Dial In)
(Security)
Baud Rates: 115200 115200,115200,115200
Flow Control: RTS/CTS RTS/CTS
Modem Control: on on
Modem Config: Configured centrack

Remote Host: ts0116.texramp.net
Netmask: 255.255.255.255 0.0.0.0
Interface: ptp9 (PPP,Quiet,VJ-Comp)
Mtu: 1500 1500
Pkt Filters: In:nospoof.in Out:nospoof.out
Async Map: L:00000000 R:000a0000 00000000
Dial Group: 0

pm1> sho filt nospoof.out
1 permit 0.0.0.0/0 205.230.0.0/24 ip
2 deny 0.0.0.0/0 0.0.0.0/0 ip log

pm1> sho filt nospoof.in
1 deny 205.230.0.0/28 0.0.0.0/0 ip log
2 deny 0.0.0.0/0 205.230.0.255/32 ip
3 permit 205.230.0.0/24 0.0.0.0/0 ip
4 deny 0.0.0.0/0 0.0.0.0/0 ip log

Line 1 of nospoof.in is to protect our servers and routers from the
land attack. The IP addresses for those machines are in the range
205.230.0.1 - 205.230.0.15. Line 2 prevents anyone from sending to
the broadcast address for our LAN. Line 3 prevents address spoofing
outside our assigned net block.

This is a snip of our log file for this session:

Nov 26 20:03:27 pm1 4 deny: UDP from 198.6.1.1.53 to 205.230.0.32.1025
Nov 26 20:03:28 pm1 4 deny: UDP from 198.6.1.1.53 to 205.230.0.32.1025
Nov 26 20:03:37 pm1 1 deny: UDP from 205.230.0.3.53 to 205.230.0.32.1025
Nov 26 20:04:27 pm1 1 deny: UDP from 205.230.0.3.53 to 205.230.0.32.1025
Nov 26 20:04:37 pm1 4 deny: UDP from 198.6.1.1.53 to 205.230.0.32.1025
Nov 26 20:05:28 pm1 4 deny: UDP from 198.6.1.1.53 to 205.230.0.32.1025
Nov 26 20:11:07 pm1 1 deny: UDP from 205.230.0.3.53 to 205.230.0.32.1025
Nov 26 20:11:38 pm1 1 deny: icmp from 205.230.0.3 to 205.230.0.32 type Echo Request
Nov 26 20:11:40 pm1 last message repeated 2 times
Nov 26 20:12:07 pm1 4 deny: UDP from 198.6.1.1.53 to 205.230.0.32.1025
Nov 26 20:13:07 pm1 1 deny: UDP from 205.230.0.3.53 to 205.230.0.32.1025

205.230.0.3 is our primary DNS box and 198.6.1.1 is secondary. The
icmp line was me trying to ping his connection. Notice that some of the lines
indicate a problem with line 4 of the filter. That's interesting, since
nospoof.out only has two lines! It looks like it's applying nospoof.in as the
output filter but the port information shows different.

Logan Ashby http://www.texramp.net
lashby@texramp.net sysadmin@texramp.net
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
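An added example, not part of the original post: it replays three of the logged packets through both filters as listed above and reports which filter yields the logged rule number and action. First-match evaluation, the default deny, the field order (number, action, source, destination) and all function names are assumptions of this sketch.

```python
import ipaddress
import re

# Filter rules and log lines copied from the post.
FILTERS_TEXT = {
    "nospoof.out": """1 permit 0.0.0.0/0 205.230.0.0/24 ip
2 deny 0.0.0.0/0 0.0.0.0/0 ip log""",
    "nospoof.in": """1 deny 205.230.0.0/28 0.0.0.0/0 ip log
2 deny 0.0.0.0/0 205.230.0.255/32 ip
3 permit 205.230.0.0/24 0.0.0.0/0 ip
4 deny 0.0.0.0/0 0.0.0.0/0 ip log""",
}
LOG = """Nov 26 20:03:27 pm1 4 deny: UDP from 198.6.1.1.53 to 205.230.0.32.1025
Nov 26 20:03:37 pm1 1 deny: UDP from 205.230.0.3.53 to 205.230.0.32.1025
Nov 26 20:11:38 pm1 1 deny: icmp from 205.230.0.3 to 205.230.0.32 type Echo Request"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Rule number and action precede the colon; UDP lines append ".port" to each address.
LOG_RE = re.compile(r"(\d+) (permit|deny): \S+ from " + IP + r"\S* to " + IP)

def parse_filter(text):
    """Turn 'N action src/len dst/len ...' lines into (N, action, src_net, dst_net)."""
    rules = []
    for line in text.splitlines():
        num, action, src, dst = line.split()[:4]
        rules.append((int(num), action, ipaddress.ip_network(src), ipaddress.ip_network(dst)))
    return rules

def first_match(rules, src, dst):
    """Assumed semantics: the first rule matching source and destination decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return num, action
    return None, "deny"  # assumed default when nothing matches

def filters_explaining(log_text=LOG, filters_text=FILTERS_TEXT):
    """For each logged packet, name the filters whose verdict equals the logged one."""
    parsed = {name: parse_filter(text) for name, text in filters_text.items()}
    results = []
    for m in LOG_RE.finditer(log_text):
        logged = (int(m.group(1)), m.group(2))
        src, dst = m.group(3), m.group(4)
        names = [n for n, r in parsed.items() if first_match(r, src, dst) == logged]
        results.append((src, dst, logged, names))
    return results

if __name__ == "__main__":
    for row in filters_explaining():
        print(row)
```

Under these assumptions every sampled log line is reproduced only by nospoof.in; nospoof.out would permit all three packets at its rule 1.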