Good day.
I've run into the following problem:
There is a class C network, 10.0.1.0, and a gateway running FreeBSD that has 2 IP addresses from this network configured. When I try to add an alias, for example 192.168.1.1 (class C), after a short while, about half a minute, the network (the LAN NIC) goes down completely (pings don't go through; the firewall is not the cause, it fails with the firewall both enabled and disabled; I swapped NICs and the result is the same), while the Internet-facing NIC (integrated on the motherboard) works fine. An attempt to look at sysctl -a |grep arp caused a kernel panic.
Installed software: POSTFIX, SQUID, DBMAIL, AMAVIS, APACHE22.
PF is used as the firewall (on the external interface), along with IPFW (on the internal one; it only shapes bandwidth, with an allow-all rule at the end).
If anyone has run into something similar, please help; I'm worn out from searching.
DMESG:
-----------------------------------------------------------------------------
CPU: Intel(R) Pentium(R) 4 CPU 2.40GHz (1793.36-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf24 Stepping = 4
Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM>
real memory = 671023104 (639 MB)
avail memory = 647057408 (617 MB)
ACPI APIC Table: <HP-NSD >
ioapic0 <Version 2.0> irqs 0-23 on motherboard
ichwd module loaded
kbd1 at kbdmux0
acpi0: <HP-NSD HPNSD-JH> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <Intel 82845 host to AGP bridge> on hostb0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
vgapci0: <VGA-compatible display> mem 0xde000000-0xdeffffff,0xda000000-0xdbffffff irq 16 at device 0.0 on pci1
pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci2: <ACPI PCI bus> on pcib2
fxp0: <Intel 82801BA/CAM (ICH2/3) Pro/100 Ethernet> port 0xbc00-0xbc3f mem 0xdfeff000-0xdfefffff irq 20 at device 8.0 on pci2
miibus0: <MII bus> on fxp0
inphy0: <i82562ET 10/100 media interface> PHY 1 on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:30:6e:28:7d:09
fxp0: [ITHREAD]
fxp1: <Intel 82559 Pro/100 Ethernet> port 0xb800-0xb83f mem 0xdfefe000-0xdfefefff,0xdfd00000-0xdfdfffff irq 21 at device 9.0 on pci2
miibus1: <MII bus> on fxp1
inphy1: <i82555 10/100 media interface> PHY 1 on miibus1
inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: Ethernet address: 00:d0:b7:16:09:d6
fxp1: [ITHREAD]
atapci0: <SiI SiI 3114 SATA150 controller> port 0xb400-0xb407,0xb000-0xb003,0xac00-0xac07,0xa800-0xa803,0xa400-0xa40f mem 0xdfefdc00-0xdfefdfff irq 22 at device 10.0 on pci2
atapci0: [ITHREAD]
ata2: <ATA channel 0> on atapci0
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci0
ata3: [ITHREAD]
ata4: <ATA channel 2> on atapci0
ata4: [ITHREAD]
ata5: <ATA channel 3> on atapci0
ata5: [ITHREAD]
ahc0: <Adaptec 29160 Ultra160 SCSI adapter> port 0xa000-0xa0ff mem 0xdfefc000-0xdfefcfff irq 18 at device 11.0 on pci2
ahc0: [ITHREAD]
aic7892: Ultra160 Wide Channel A, SCSI Id=7, 32/253 SCBs
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci1: <Intel ICH2 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xfc00-0xfc0f at device 31.1 on pci0
ata0: <ATA channel 0> on atapci1
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci1
ata1: [ITHREAD]
uhci0: <Intel 82801BA/BAM (ICH2) USB controller USB-A> port 0xd800-0xd81f irq 19 at device 31.2 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <Intel 82801BA/BAM (ICH2) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
ichsmb0: <Intel 82801BA (ICH2) SMBus controller> port 0xc00-0xc0f at device 31.3 on pci0
ichsmb0: [GIANT-LOCKED]
ichsmb0: [ITHREAD]
smbus0: <System Management Bus> on ichsmb0
smb0: <SMBus generic I/O> on smbus0
uhci1: <Intel 82801BA/BAM (ICH2) USB controller USB-B> port 0xdc00-0xdc1f irq 23 at device 31.4 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <Intel 82801BA/BAM (ICH2) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
acpi_button1: <Sleep Button> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio0: [FILTER]
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
sio1: [FILTER]
cpu0: <ACPI CPU> on acpi0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
ichwd0: <Intel 82801BA watchdog timer> on isa0
ichwd0: Intel 82801BA watchdog timer (ICH2 or equivalent)
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xca000-0xcb7ff,0xcb800-0xcc7ff,0xe0000-0xe0fff,0xe8000-0xebfff pnpid ORM0000 on isa0
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: <Parallel port bus> on ppc0
ppbus0: [ITHREAD]
plip0: <PLIP network interface> on ppbus0
plip0: WARNING: using obsoleted IFF_NEEDSGIANT flag
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
ppc0: [GIANT-LOCKED]
ppc0: [ITHREAD]
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1793364720 Hz quality 800
Timecounters tick every 1.000 msec
ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding disabled, default to deny, logging disabled
Waiting 5 seconds for SCSI devices to settle
da0 at ahc0 bus 0 target 0 lun 0
da0: <HP 18.2G ATLAS10K3_18_WLS HP05> Fixed Direct Access SCSI-2 device
da0: 160.000MB/s transfers (80.000MHz DT, offset 127, 16bit)
da0: Command Queueing Enabled
da0: 17366MB (35566480 512 byte sectors: 255H 63S/T 2213C)
hwpmc: TSC/1/0x20<REA> P4/18/0xfff<INT,USR,SYS,EDG,THR,REA,WRI,INV,QUA,PRC,TAG,CSC>
da1 at ahc0 bus 0 target 6 lun 0
da1: <IBM DNES-309170W SAH0> Fixed Direct Access SCSI-3 device
da1: 80.000MB/s transfers (40.000MHz, offset 30, 16bit)
da1: Command Queueing Enabled
da1: 8748MB (17916240 512 byte sectors: 255H 63S/T 1115C)
Trying to mount root from ufs:/dev/da0s1a
-----------------------------------------------------------------------------
Kernel:
-----------------------------------------------------------------------------
cpu I686_CPU
ident orion
maxusers 256
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options GEOM_GATE
options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options SHMMAXPGS=65536
options SEMMNI=40
options SEMMNS=240
options SEMUME=40
options SEMMNU=120
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options ADAPTIVE_GIANT # Giant mutex is adaptive.
options STOP_NMI # Stop CPUS using NMI instead of IPI
options AUDIT # Security event auditing
#options KDTRACE_HOOKS # Kernel DTrace hooks
# To make an SMP kernel, the next two lines are needed
options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC
device hwpmc
options HWPMC_HOOKS
# CPU frequency control
options HZ=2000
device cpufreq
device coretemp
# Bus support.
device eisa
device pci
device smbus
device smb
device ichsmb
device intpm
device ichwd
# Floppy drives
device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
device atapicam
# SCSI Controllers
device ahc # AHA2940 and onboard AIC7xxx devices
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)
#device xpt
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device kbdmux # keyboard multiplexer
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
device agp # support several AGP chipsets
options SC_NORM_ATTR=(FG_GREEN|BG_BLACK)
options SC_NORM_REV_ATTR=(FG_GREEN|BG_BLACK)
options SC_KERNEL_CONS_ATTR=(FG_RED|BG_BLACK)
options SC_KERNEL_CONS_REV_ATTR=(FG_RED|BG_BLACK)
options SC_CUT_SPACES2TABS
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
device uart # Generic UART driver
# Parallel port
device ppc
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
#device vpo # Requires scbus and da
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
options ALTQ_NOPCC
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device ste # Sundance ST201 (D-Link DFE-550TX)
device sk
# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device sl # Kernel SLIP
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
#device firmware # firmware assist module
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
device ugen # Generic
device uhid # "Human Interface Devices"
device ukbd # Keyboard
#device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
-----------------------------------------------------------------------------
sysctl.conf
-----------------------------------------------------------------------------
net.inet.ip.fw.autoinc_step=5
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
kern.ipc.maxsockbuf=16777216
net.inet.tcp.rfc1323=1
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.sendbuf_inc=8192
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.recvbuf_inc=16384
-----------------------------------------------------------------------------
ifconfig -ma
-----------------------------------------------------------------------------
fxp0: flags=8843 metric 0 mtu 1500
options=8
capabilities=8
ether 00:30:6e:28:7d:09
inet 212.1.x.a netmask 0xfffffff8 broadcast 212.1.102.95
inet 212.1.x.b netmask 0xfffffff8 broadcast 212.1.102.95
inet 212.1.x.c netmask 0xfffffff8 broadcast 212.1.102.95
inet 212.1.x.d netmask 0xfffffff8 broadcast 212.1.102.95
media: Ethernet autoselect (100baseTX )
status: active
supported media:
media autoselect
media 100baseTX mediaopt full-duplex
media 100baseTX
media 10baseT/UTP mediaopt full-duplex
media 10baseT/UTP
media none
media 100baseTX mediaopt hw-loopback
fxp1: flags=8843 metric 0 mtu 1500
options=8
capabilities=8
ether 00:d0:b7:16:09:d6
inet 10.0.1.101 netmask 0xffffff00 broadcast 10.0.1.255
inet 10.0.1.240 netmask 0xffffff00 broadcast 10.0.1.255
media: Ethernet autoselect (100baseTX )
status: active
supported media:
media autoselect
media 100baseTX mediaopt full-duplex
media 100baseTX
media 10baseT/UTP mediaopt full-duplex
media 10baseT/UTP
media none
media 100baseTX mediaopt hw-loopback
plip0: flags=108810 metric 0 mtu 1500
lo0: flags=8049 metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
pflog0: flags=0 metric 0 mtu 33204
pfsync0: flags=0 metric 0 mtu 1460
syncpeer: 224.0.0.240 maxupd: 128
-----------------------------------------------------------------------------
netstat -nr
-----------------------------------------------------------------------------
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 212.1.x.y UGS 0 27819843 fxp0
10.0.1.0/24 link#2 UC 0 0 fxp1
[..]
10.6.7.0/24 10.0.1.11 UGS 0 0 fxp1
10.95.0.0/16 10.0.1.11 UGS 0 0 fxp1
10.96.0.0/16 10.0.1.11 UGS 0 0 fxp1
127.0.0.1 127.0.0.1 UH 0 274306 lo0
212.1.x.x/29 link#1 UC 0 0 fxp0
212.1.x.y 00:23:5e:93:7b:21 UHLW 2 0 fxp0 1130
212.1.x.a 00:30:6e:28:7d:09 UHLW 1 26169 lo0
212.1.x.z 00:08:da:55:8f:f0 UHLW 1 2 fxp0 1185
Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#4 UHL lo0
ff01:4::/32 fe80::1%lo0 UC lo0
ff02::%lo0/32 fe80::1%lo0 UC lo0
-----------------------------------------------------------------------------
rc.conf
-----------------------------------------------------------------------------
hostname="orion.domain.com"
defaultrouter="212.1.x.y"
ifconfig_fxp0="inet 212.1.x.a netmask 255.255.255.248"
ifconfig_fxp0_alias0="inet 212.1.x.b netmask 255.255.255.248"
ifconfig_fxp0_alias1="inet 212.1.x.c netmask 255.255.255.248"
ifconfig_fxp0_alias2="inet 212.1.x.d netmask 255.255.255.248"
ifconfig_fxp1="inet 10.0.1.101 netmask 255.255.255.0"
ifconfig_fxp1_alias0="inet 10.0.1.240 netmask 255.255.255.0"
#ifconfig_fxp1_alias1="inet 192.168.52.101 netmask 255.255.255.0"
#ifconfig_fxp1_alias2="inet 192.168.52.240 netmask 255.255.255.0"
gateway_enable="YES"
router_enable="YES"
router_flags="-q"
#firewall_enable="NO" # Set to YES to enable firewall functionality
#firewall_script="/root/scripts/rc.firewall" # Which script to run to set up the firewall
#firewall_type="OPEN" # Firewall type (see /etc/rc.firewall)
#firewall_quiet="YES" # Set to YES to suppress rule display
pf_enable="YES"
pf_rules="/etc/pf/pf.conf"
#pf_program="/sbin/pfctl"
#pf_flags=""
inetd_enable="YES"
inetd_flags="-wW -C 60"
bsnmpd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
daily_clean_hoststat_enable="YES"
daily_status_mail_rejects_enable="YES"
daily_status_include_submit_mailq="YES"
daily_submit_queuerun="YES"
font8x14="cp866u-8x14"
font8x16="cp866u-8x16"
font8x8="cp866u-8x8"
keymap="ua.koi8-u.shift.alt"
keyrate="fast"
mousechar_start="3"
saver="green"
scrnmap="koi8-u2cp866u"
#### -----
named_enable="YES"
named_program="/usr/sbin/named"
#named_flags=""
named_pidfile="/var/run/named/pid"
named_uid="bind"
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"
named_symlink_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
spamd_enable="YES"
amavisd_enable="YES"
apache22_enable="YES"
postfix_enable="YES"
squid_user="nobody"
#c_icap_enable="YES"
havp_enable="NO"
dhcpd_enable="YES"
dhcpd_conf="/usr/local/etc/dhcp/dhcpd.conf"
dhcpd_ifaces="fxp1"
dhcpd_withuser="_dhcp"
dhcpd_withgroup="_dhcp"
#dhcpd_jail_enable="YES"
#dhcpd_hostname="sirius-dhcp"
#dhcpd_ipaddress=""
ntpdate_enable="YES"
ntpdate_flags="-b"
ntpdate_config="/etc/ntp.conf"
ntpd_enable="YES"
ntpd_config="/etc/ntp.conf"
ntpd_sync_on_start="NO"
ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
postgresql_enable="YES"
postgresql_data="/usr/local/var/pgsql/data"
postgresql_flags="-w -s -m fast"
postgresql_initdb_flags="--encoding=utf-8 --lc-collate=C"
postgresql_class="default"
mysql_enable="NO"
#mysql_dbdir="/usr/local/var/mysql"
#mysql_args""
dbmail_imapd_enable="YES"
dbmail_lmtpd_enable="YES"
dbmail_pop3d_enable="YES"
dbmail_timsieved_enable="YES"
saslauthd_enable="NO"
#mpd_enable="YES"
-----------------------------------------------------------------------------
/var/log/messages
-----------------------------------------------------------------------------
Here I tried setting 10.0.1.240/32 instead of 10.0.1.240/24
Aug 28 11:39:19 orion kernel: arp_rtrequest: bad gateway 10.0.1.240 (!AF_LINK)
Aug 28 11:39:31 orion kernel: arplookup 10.0.1.101 failed: host is not on local network
Aug 28 11:39:31 orion kernel: arpresolve: can't allocate route for 10.0.1.101
[..]
Aug 28 11:39:59 orion named[1529]: /usr/src/lib/bind/isc/../../../contrib/bind9/lib/isc/unix/socket.c:1214: unexpected error:
Aug 28 11:39:59 orion named[1529]: internal_send: 10.0.1.100#65467: Invalid argument
[..]
Aug 28 11:41:31 orion kernel: arplookup 10.0.1.101 failed: host is not on local network
Aug 28 11:41:31 orion kernel: arpresolve: can't allocate route for 10.0.1.101
After removing the alias and bringing the interface back up, everything returns to normal
Aug 28 11:41:31 orion routed[824]: interface fxp1 to 10.0.1.101 turned off
Aug 28 11:41:34 orion routed[824]: interface fxp1 to 10.0.1.101 restored
-----------------------------------------------------------------------------