Took me a while to realize as my provider also had problems with upstream speed. Running now FBSD10 FreeBSD 10 on a HP microserver with ipfilter/ipmon enabled. Sending out TCP traffic results in blocked packets being logged with ipmon:
This is not only true for Git, but also for web, FTP whatever The rules are defined like on version 9 before:
From the poor log message documentation I've found on ipmon, the packet sizes are over 1500. So I'm not sure if those values should be <= 1500 or not, instead of 2948.
Code:
ug 19 16:19:51 netdb ipmon[885]: 16:19:51.276031 em0 @0:6 b 213.193.121.99,9418 -> 213.193.121.98,42174 PR tcp len 20 2948 -A OUT bad
Aug 19 16:19:51 netdb ipmon[885]: 16:19:51.276067 em0 @0:6 b xxx.xxx.121.99,9418 -> xxx.xxx.121.98,42174 PR tcp len 20 2948 -A OUT bad
Aug 19 16:19:51 netdb ipmon[885]: 16:19:51.979947 em0 @0:6 b xxx.xxx.121.99,9418 -> xxx.xxx.121.98,42174 PR tcp len 20 2948 -A OUT bad
Aug 19 16:19:52 netdb ipmon[885]: 16:19:52.685548 em0 @0:6 b xxx.xxx.121.99,9418 -> xxx.xxx.121.98,42174 PR tcp len 20 2948 -A OUT bad
Aug 19 16:19:52 netdb ipmon[885]: 16:19:52.685594 em0 @0:6 b xxx.xxx.121.99,9418 -> xxx.xxx.121.98,42174 PR tcp len 20 2948 -A OUT bad
This is not only true for Git, but also for web, FTP whatever The rules are defined like on version 9 before:
Code:
pass in quick on em0 proto tcp from xxx.xxx.121.96/29 port > 1023 to xxx.xxx.121.99/32 port = 9418 flags S/SA keep state keep frags
From the poor log message documentation I've found on ipmon, the packet sizes are over 1500. So I'm not sure if those values should be <= 1500 or not, instead of 2948.