**net** Re: Outbound TCP issue, potentially related to 'FreeBSD-SA-05:08.kmem [REVISED]'
Matt Ruzicka
matt at frii.com
Fri May 13 09:00:55 PDT 2005
Hmm.. doesn't seem to have helped.
-->uptime
9:59AM up 29 mins, 2 users, load averages: 0.96, 0.92, 1.24
-->sysctl -a | grep net.inet.ip.portrange.
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535
net.inet.ip.portrange.randomized: 0
net.inet.ip.portrange.randomcps: 10
net.inet.ip.portrange.randomtime: 45
Results of outbound port check:
pasiphae01.frii.com Fri May 13 09:44:26 2005 failed
pasiphae01.frii.com Fri May 13 09:44:38 2005 failed
pasiphae01.frii.com Fri May 13 09:45:05 2005 failed
pasiphae01.frii.com Fri May 13 09:45:11 2005 failed
pasiphae01.frii.com Fri May 13 09:48:43 2005 failed
pasiphae01.frii.com Fri May 13 09:48:53 2005 failed
pasiphae01.frii.com Fri May 13 09:48:57 2005 failed
pasiphae01.frii.com Fri May 13 09:50:50 2005 failed
pasiphae01.frii.com Fri May 13 09:51:19 2005 failed
pasiphae01.frii.com Fri May 13 09:51:25 2005 failed
pasiphae01.frii.com Fri May 13 09:51:53 2005 failed
pasiphae01.frii.com Fri May 13 09:53:12 2005 failed
pasiphae01.frii.com Fri May 13 09:55:38 2005 failed
pasiphae01.frii.com Fri May 13 09:57:39 2005 failed
pasiphae01.frii.com Fri May 13 09:58:14 2005 failed
pasiphae01.frii.com Fri May 13 09:58:55 2005 failed
pasiphae01.frii.com Fri May 13 09:59:16 2005 failed
pasiphae01.frii.com Fri May 13 09:59:19 2005 failed
pasiphae01.frii.com Fri May 13 09:59:26 2005 failed
Did I miss something?
Matthew Ruzicka - Systems Administrator
Front Range Internet, Inc.
matt at frii.net - (970) 212-0728
Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com
On Fri, 13 May 2005, Maxim Konovalov wrote:
> [...]
> > net.inet.ip.portrange.randomized: 1
> > net.inet.ip.portrange.randomcps: 10
> > net.inet.ip.portrange.randomtime: 45
> >
> > Although I'm not familiar with what this /should/ be, my gut says 10
> > seems sort of low.
> >
> > Also, was this only implemented in 4.11? (Since we started seeing this
> > while running 4.9 still.)
> >
> > http://www.freebsd.org/releases/4.11R/relnotes-i386.html
> >
> > We'll give this a shot though to see if it helps either way.
>
> These sysctls are in 4.11 only and 4.9 has a broken random port
> allocation algorithm. Please turn it off as Mike suggests and report
> results back.
>
> --
> Maxim Konovalov