This is a discussion on Dropped Packets - Help please! within the IPFilter forums, part of the System Security and Security Related category.
Hello all,

I'm getting dropped packets:

[ID 702911 local0.warning] 08:45:14.146313 bge0 @0:2 b x.x.x.x,30404 -> x.x.x.x,443 PR tcp len 20 40 -AR IN

Here is my ruleset:

# This is to allow all localhost connections
pass in quick on lo0 all
pass out quick on lo0 all

# This will block any connection attempts unless explicitly opened below
block return-rst in log on bge0 proto tcp from any to x.y.z.122/32
block in log on bge0 proto udp from any to x.y.z.122/32
block in log proto icmp all

# This will block any outbound traffic except what is allowed explicitly below
block out log on bge0 proto tcp from x.y.z.122/32 to any
block out log on bge0 proto udp from x.y.z.122/32 to any

# This is for ssh to server from admin boxes
pass in quick on bge0 proto tcp from x.y.89.0/24 to x.y.z.122/32 port = 22 keep state keep frags
pass in quick on bge0 proto tcp from x.y.87.210 to any port = 22 flags S keep state keep frags
pass in quick on bge0 proto tcp from x.y.68.7/32 to x.y.z.122/32 port = 22 keep state keep frags

# this section is for netbackup
pass in quick on bge0 proto tcp from x.y.z.253/32 to any port 13781 >< 13784 flags S keep state keep frags
pass out quick on bge0 proto tcp from any to x.y.z.253/32 port = 13724 flags S keep state keep frags
pass out quick on bge0 proto tcp from any to x.y.z.253/32 port = 13720 flags S keep state keep frags

# This is to allow patrol connections
pass in quick on bge0 proto tcp from x.y.70.61/32 to any port = 3500 flags S keep state keep frags
pass in quick on bge0 proto tcp from x.y.89.0/24 to any port = 3500 flags S keep state keep frags
pass in quick on bge0 proto tcp from x.y.87.210/32 to any port = 3500 flags S keep state keep frags

# This is to allow port 80 and 443 web traffic to webserver
pass in quick on bge0 proto tcp from any to x.y.z.122/32 port = 80 flags S keep state keep frags
pass in quick on bge0 proto tcp from any to x.y.z.122/32 port = 443 flags S keep state keep frags

# This is to access the admin server for SunONE
pass in quick on bge0 proto tcp from x.y.89.25/32 to x.y.z.122/32 port = 8888 flags S keep state keep frags

# This is to allow Tripwire traffic
pass in quick on bge0 proto tcp from x.y.89.12/32 to x.y.z.122/32 port = 1169 flags S keep state keep frags

# This section is for broadvision NSAPI plug-in to talk to app servers
pass out quick on bge0 proto tcp from any to x.y.z.124 port 3999 >< 4016 flags S keep state keep frags
pass out quick on bge0 proto tcp from any to x.y.z.125 port 3999 >< 4016 flags S keep state keep frags
pass out quick on bge0 proto tcp from any to x.y.z.126 port 3999 >< 4016 flags S keep state keep frags
pass out quick on bge0 proto tcp from any to x.y.z.127 port 3999 >< 4016 flags S keep state keep frags

# This will allow ssh out to any box in the environment
#pass out quick on bge0 proto tcp from x.y.z.122/32 to x.y.z.0/24 port = 22 flags S keep state keep frags

# This will enable communication with the NFS server
pass out quick on bge0 proto tcp/udp from x.y.z.122/32 to x.y.z.131 port = 111 keep state keep frags
pass out quick on bge0 proto tcp from x.y.z.122/32 to x.y.z.131 port = 63000 flags S keep state keep frags
pass out quick on bge0 proto tcp from x.y.z.122/32 to x.y.z.131 port = 54555 flags S keep state keep frags
pass out quick on bge0 proto tcp from x.y.z.122/32 to x.y.z.131 port = 63111 flags S keep state keep frags
pass out quick on bge0 proto tcp from x.y.z.122/32 to x.y.z.131 port = 45555 flags S keep state keep frags

# This is to allow syslog traffic to cgw-logs
pass out quick on bge0 proto udp from x.y.z.122/32 to x.y.z.139/32 port = 514 keep state keep frags

# This is to allow ntp traffic
pass out quick on bge0 proto tcp/udp from x.y.z.122/32 to 192.168.49.85/32 port = 123 keep state keep frags

# This is to allow SMTP traffic
pass out quick on bge0 proto tcp from x.y.z.122/32 to x.y.z.32/32 port = 25 flags S keep state keep frags
pass out quick on bge0 proto tcp from x.y.z.122/32 to 152.121.36.8/32 port = 25 flags S keep state keep frags

# This is to allow port 80 traffic to xxx.yyy.zzz for RSS feed
pass out quick on bge0 proto tcp from any to any port = 80 flags S keep state keep frags

# This is to allow DNS lookups to DMZ DNS servers
pass out quick on bge0 proto tcp/udp from any to x.y.z.19 port = 53 keep state keep frags
pass out quick on bge0 proto tcp/udp from any to 199.211.215.66 port = 53 keep state keep frags
pass out quick on bge0 proto tcp/udp from any to 199.211.217.2 port = 53 keep state keep frags
pass out quick on bge0 proto tcp/udp from any to 199.211.216.6 port = 53 keep state keep frags

SunOS <hostname> 5.9 Generic_118558-17 sun4u sparc SUNW,Sun-Fire-V240
64-bit sparcv9 kernel modules
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet X.X.X.122 netmask ffffff00 broadcast X.X.X.255
        ether 0:3:ba:61:4f:ef

Name  Mtu   Net/Dest   Address     Ipkts     Ierrs  Opkts     Oerrs  Collis  Queue
lo0   8232  loopback   localhost   6         0      6         0      0       0
bge0  1500  host       host        30466417  0      44709462  0      0       0

netstat -s -P ip

IPv4    ipForwarding        =        2    ipDefaultTTL        =      255
        ipInReceives        = 27732387    ipInHdrErrors       =        0
        ipInAddrErrors      =        0    ipInCksumErrs       =        0
        ipForwDatagrams     =        0    ipForwProhibits     =        0
        ipInUnknownProtos   =        0    ipInDiscards        =        0
        ipInDelivers        = 26958799    ipOutRequests       = 44581799
        ipOutDiscards       =        0    ipOutNoRoutes       =        0
        ipReasmTimeout      =       60    ipReasmReqds        =        0
        ipReasmOKs          =        0    ipReasmFails        =        0
        ipReasmDuplicates   =        0    ipReasmPartDups     =        0
        ipFragOKs           =        0    ipFragFails         =        0
        ipFragCreates       =        0    ipRoutingDiscards   =        0
        tcpInErrs           =        0    udpNoPorts          =    16353
        udpInCksumErrs      =        0    udpInOverflows      =        0
        rawipInOverflows    =        0    ipsecInSucceeded    =        0
        ipsecInFailed       =        0    ipInIPv6            =        0
        ipOutIPv6           =        0    ipOutSwitchIPv6     =       54

ipf -V
ipf: IP Filter: v3.4.32 (496)
Kernel: IP Filter: v3.4.32
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
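The ipmon line quoted in the post packs the answer into its fields: `@0:2` is group 0, rule 2; `b` means the packet was blocked; `-AR` means the TCP flags ACK and RST were set (no SYN); `IN` is the direction. Counting the `in` rules in the order the ruleset loads them (the way `ipfstat -in` lists them), rule 2 is the `block return-rst in log on bge0 proto tcp ...` line, and a packet without SYN can never be matched by a `flags S keep state` pass rule; it is only passed if a state entry for its connection still exists. The parser below, an added example that is not part of the post and not IPFilter's own code, decodes ipmon block lines, maps them back to the loaded rule, and reports why the stateful pass rules did not apply. The log line and the ruleset excerpt are constructed from the post (the `x.x.x.x` placeholders are kept); the assumption that ipf numbers its in and out rules separately from 1 is marked in the code.

```python
"""Decode IP Filter (ipmon) block lines and tie them to the loaded rule.

Added example for the post above; it is not the poster's code or IPFilter's.
"""
import re

# Constructed sample: the ipmon line from the post with the syslog prefix removed.
SAMPLE_LOG = ("08:45:14.146313 bge0 @0:2 b x.x.x.x,30404 -> x.x.x.x,443 "
              "PR tcp len 20 40 -AR IN")

# Constructed sample: the first rules of the post's ruleset, in loaded order.
SAMPLE_RULES = """\
# This is to allow all localhost connections
pass in quick on lo0 all
pass out quick on lo0 all
# This will block any connection attempts unless explicitly opened below
block return-rst in log on bge0 proto tcp from any to x.y.z.122/32
block in log on bge0 proto udp from any to x.y.z.122/32
block in log proto icmp all
# This is to allow port 80 and 443 web traffic to webserver
pass in quick on bge0 proto tcp from any to x.y.z.122/32 port = 80 flags S keep state keep frags
pass in quick on bge0 proto tcp from any to x.y.z.122/32 port = 443 flags S keep state keep frags
"""

# TCP flag letters as ipmon prints them after the dash (e.g. "-AR" = ACK+RST).
FLAG_NAMES = {"S": "SYN", "A": "ACK", "P": "PSH", "U": "URG",
              "E": "ECN", "C": "CWR", "F": "FIN", "R": "RST"}

# time iface @group:rule action src,sport -> dst,dport PR proto len hlen plen [-flags] IN|OUT
LOG_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>\S)\s+(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+(?P<dst>[^,\s]+),(?P<dport>\d+)"
    r"\s+PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+(?P<flags>-[A-Z]*))?\s+(?P<dir>IN|OUT)\b"
)


def decode_flags(field):
    """'-AR' -> {'ACK', 'RST'}; a missing field (non-TCP packet) -> empty set."""
    if not field:
        return set()
    return {FLAG_NAMES[c] for c in field.lstrip("-") if c in FLAG_NAMES}


def parse_ipmon_line(line):
    """Return a dict for one ipmon log line, or None if the line is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    for key in ("group", "rule", "sport", "dport", "hlen", "plen"):
        ev[key] = int(ev[key])
    ev["action"] = {"b": "block", "p": "pass"}.get(ev["action"], ev["action"])
    ev["flags"] = decode_flags(ev["flags"])
    return ev


def rule_by_number(ruleset, direction, number):
    """Return the number-th (1-based) 'in' or 'out' rule, counted in loaded order.

    Assumption: ipf keeps separate in and out lists, each numbered from 1, and
    group 0 is the default (ungrouped) list.  Comments and commented-out rules
    are skipped, exactly as the loader skips them.
    """
    seen = 0
    for raw in ruleset.splitlines():
        line = raw.split("#", 1)[0].strip()
        toks = line.split()
        if len(toks) < 2:
            continue
        # The direction follows the action and any 'return-*' option.
        rule_dir = toks[2] if toks[1].startswith("return-") and len(toks) > 2 else toks[1]
        if rule_dir == direction:
            seen += 1
            if seen == number:
                return line
    return None


def explain(log_line, ruleset):
    """Tie a block line to its rule and note why stateful pass rules did not apply."""
    ev = parse_ipmon_line(log_line)
    if ev is None:
        return None
    rule = rule_by_number(ruleset, ev["dir"].lower(), ev["rule"]) if ev["group"] == 0 else None
    reasons = []
    if ev["proto"] == "tcp" and "SYN" not in ev["flags"]:
        reasons.append("no SYN: a 'flags S keep state' pass rule cannot create state for it")
    if "RST" in ev["flags"]:
        reasons.append("RST set: teardown segment, often arriving after the state entry expired")
    return {"event": ev, "matched_rule": rule, "reasons": reasons}


if __name__ == "__main__":
    result = explain(SAMPLE_LOG, SAMPLE_RULES)
    print("matched rule:", result["matched_rule"])
    for why in result["reasons"]:
        print(" -", why)
```

Run against a live system, feed it `ipmon -o I` output and the `in` rules from the loaded file; when the blocked packets are all SYN-less segments hitting the catch-all block rule, the log entries are noise from connections whose state already aged out rather than a hole in the ruleset.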