
Re: phantom in diald queue



David S. Zelinsky wrote:
> 
> Using diald, with a dynamic IP address, I sometimes get an annoying "phantom"
> in the packet queue.  It's usually something like:
> 
>         <some.remote.address>/80 => <stale.local.address>/1234
> 
> evidently coming from an aborted http transfer.  The stale local address is
> the IP address I had on some previous connection.
> 
> The diald packet queue will show this for a minute, then disconnect when its
> time expires.  The queue will remain empty for a minute or two, and then this
> same entry will reappear, and cause the link to come back up.  It will sit
> idle for a minute, the link will go down, and the whole cycle keeps repeating.
> 
> I've tried:
>   * killing Netscape (which initiated the transfer originally)
>   * killing and restarting diald
> 
> Neither of these stop the phantom from continuing to reappear.

netstat will still show the LAST_ACK for a connection that netscape
had left open, but which was obsoleted.

> 
> I've tried running lsof to see what process is opening the connection -- but
> lsof doesn't show it.
> 
> The only way I've been able to make it stop is by either waiting (it goes away
> after 10 or 15 minutes); or by rebooting.
> 
> So, can anyone tell me what is causing this request to be continually
> regenerated, and/or how to stop it?

I came to the conclusion that the kernel was the culprit (in addition to
netscape).
I changed /etc/diald/ip-down to reject anything on the obsolete connection.
I would have preferred a diald filter, but couldn't figure one out.
Requires
"ip-up /etc/diald/ip-up
ip-down /etc/diald/ip-down"
in diald.options.

START of /etc/diald/ip-down::
# original Generated by: dotfile ipfwadm  
# see http://www.wolfenet.com/~jhardin/ipfwadm.html for details                 
#                                                                               
#---------->General Settings<----------                                         
# General settings                                                              
# dialup ISP via PPP, dynamic IP address, diald                                 
# Initialization                                                                
                                                                                
# Define some variables to make things a bit clearer below                      
# Any system anywhere                                                           
export ANY="0.0.0.0/0"                                                          
# The Remote Internet connection                                                
export INET="-V ${4}"                                                           
# The Local Internet connection                                                 
export LINET="-V ${3}"                                                          
# The local network port                                                        
export LETH="-V 192.168.1.6 -W eth0"                                            
# The local network                                                             
export LNET="192.168.1.0/255.255.255.0"                                         
# The firewall (this system on the local network)                               
export FWALL="192.168.1.6/32"                                                   
# The firewall's Internet address (if known or determinable)                    
export INET_IP="${4}/32"                                                        
# Some ipfwadm flags for the TCP protocol                                       
export OpenNewConn="-y"                                                         
export ConnEstablished="-k"                                                     
                                                                                
# Reset to known state                                                          
/sbin/ipfwadm -I -f           # flush existing input rules                      
/sbin/ipfwadm -O -f           # flush existing output rules                     
/sbin/ipfwadm -F -f           # flush existing forwarding rules                 
                                                                                
# Set default policy                                                            
# default deny until firewall setup is completed...                             
/sbin/ipfwadm -I -p deny                                                        
/sbin/ipfwadm -O -p deny                                                        
/sbin/ipfwadm -F -p deny                                                        
                                                                                
                                                                                
/sbin/ipfwadm -O -a reject $INET -S 0.0.0.0                                     
/sbin/ipfwadm -I -a reject $INET -S 0.0.0.0                                     
/sbin/ipfwadm -F -a reject $INET -S 0.0.0.0                                     
/sbin/ipfwadm -O -a reject $LINET -S 0.0.0.0                                    
/sbin/ipfwadm -I -a reject $LINET -S 0.0.0.0                                    
/sbin/ipfwadm -F -a reject $LINET -S 0.0.0.0                                    
                                                                                
                                                                                
/sbin/ipfwadm -F -a masquerade -W sl0 -S $LNET -D $ANY                          
/sbin/ipfwadm -F -a masquerade  -S $LNET -D $ANY                                
/sbin/ipfwadm -I -p accept                                                      
/sbin/ipfwadm -O -p accept                                                      
                                   
END::

You'll need a /etc/diald/ip-up to set up rules too. I used the dotfile ipfwadm
package to create a good set.
The ipmasq package didn't work for me back then, and has made great strides,
maybe will do the job for you now.

I've since changed to kernel 2.1.119 (and ipchains as a result) along with a
current version of ipmasq which recomputes the firewall rules upon change of
diald's state (up-down), and haven't noticed the problem anymore (a definite
maybe).

> 
> Failing that, does anyone know a good exorcist :(

Yes, I think it's time for an exorcist (movie party),
after all Halloween is getting closer :-).

> 
> --
> David Zelinsky
> dsz@alumni.caltech.edu
> 
> ------------------------------

Hope this is helpful
		John Currey
-- 
"If you love wealth more than liberty, the tranquility of servitude better
than the animating contest of freedom, depart from us in peace.  We ask
not your counsel nor your arms.  Crouch down and lick the hand that feeds
you.  May your chains rest lightly upon you and may posterity forget that
you were our countrymen."  --Samuel Adams
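
Added example (not part of the original message): a small filter that picks out TCP sockets, such as the LAST_ACK entry described above, whose local address is no longer one the host holds. The sample netstat text and all addresses are constructed for illustration, and the function name stale_sockets is hypothetical.

```shell
#!/bin/sh
# Added example: list TCP sockets still bound to an address this host no
# longer holds (the "stale local address" left over from an earlier PPP session).

# Constructed sample in `netstat -tn` layout; addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      1 198.51.100.23:1234      203.0.113.80:80         LAST_ACK
tcp        0      0 198.51.100.77:1301      203.0.113.80:80         ESTABLISHED
tcp        0      0 192.168.1.6:22          192.168.1.20:1022       ESTABLISHED
tcp        0      1 198.51.100.77:1302      203.0.113.9:80          LAST_ACK
EOF
}

# stale_sockets "<addr> <addr> ..."
# Reads netstat -tn text on stdin and prints "local foreign state" for every
# TCP socket whose local address is not in the space-separated list given.
stale_sockets() {
    awk -v current="$1" '
        BEGIN {
            n = split(current, a, " ")
            for (i = 1; i <= n; i++) have[a[i]] = 1
        }
        $1 ~ /^tcp/ {
            addr = $4
            sub(/:[0-9]+$/, "", addr)       # strip the port number
            if (!(addr in have)) print $4, $5, $6
        }'
}

# Assumed current addresses: new PPP address, LAN address, loopback.
CURRENT="198.51.100.77 192.168.1.6 127.0.0.1"
sample_netstat | stale_sockets "$CURRENT"
```

On a live system, pipe the output of netstat -tn into stale_sockets and pass the addresses currently configured on the interfaces.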

