2.0 RC1 CPU at 100% after 1-4 days
-
Right, I figured I'd upgrade anyway, no huge hopes that it'll solve this issue, but perhaps the something with nc changed?
I haven't done anything exotic, just set up some NAT port forwarding via Web Configurator, which I assume was what added those nc lines to inetd.conf.
-
Upgraded to
2.0-RC1 (i386)
built on Thu Mar 24 13:58:11 EDT 2011and disabled Snort for the time being. Thanks for the input so far; if it happens again I'll be sure to copy down the logs for more info before rebooting it.
-
I haven't done anything exotic, just set up some NAT port forwarding via Web Configurator, which I assume was what added those nc lines to inetd.conf.
I have a number of port forward rules defined in Firewall -> NAT, click on Port Forward tab and I don't have any nc entries in /etc/inetd.conf. Do you have a different type of port forward?
-
Can you tell me if you have any aliases referenced on port forward rules?
-
Yes, I have aliases defined for most of my firewall rules. For some aliases, I specified both the internal and external IP's.
Under Firewall->Aliases, I have a few entries similar to
Name | Values
mailserver | 10.0.0.4, xxx.xxx.xxx.85Then in Firewall->NAT I created rule(s) using the aliases, like:
WAN TCP * * xxx.xxx.xxx.85 25 (SMTP) mailserver 25 (SMTP) Mail Server -
Ok try with latest snapshot. I fixed an issue on the generated configs in the backend.
If you do not want to wait for next snapshot the change is https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/650b573bd8a435449178385a2d132f7f0002d309 -
OK, thanks! Other than upgrading my snapshot, should I remove/re-add my firewall rules? Delete the nc entries from inetd.conf?
-
For the time being, I've removed the aliases from my setup; once things are stable I'll turn them back on.
-
You should not do any changes to your firewal other than upgrade.
It would be good to give feedback if it solves your issues since its better fix it now rather than go through the hoops again after 2.0
-
OK. Updated, with aliases enabled, so far so good over the weekend. Out of town this week so hopefully it will behave; I'll report on hopefully successful results then.
-
Also of note, after the upgrade, the only line in /etc/inetd.conf is for tftp-proxy.
[edit: never mind, the file of interest is /var/etc/inetd.conf, which does contain the nc lines.] -
No joy, I'm not sure if it correlated when I turned back on aliases, but it happened again. This was running Saturday Mar 26 build.
I just ran update (Monday the 28th) and it seems to have now back-dated itself to the 24th.
Curiously, /etc/inetd.conf was only one line, the tftp info. Butas you can see in the ps dump, there are a lot of the nc lines.MBUF's looked normal, as did states.
This time I got a full dump of ps aux:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 21242 6.7 0.2 3436 1552 ?? Rs Sat01PM 1:42.86 /usr/sbin/inetd nobody 1000 5.8 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>(snip: a ton of these lines) nobody 61570 5.2 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 63274 5.2 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18960 0.6 0.1 3316 912 ?? R 9:51AM 0:00.00 /sbin/sysctl -n root 53978 0.4 2.4 54708 23540 ?? S Sat01PM 0:09.64 /usr/local/bin/p root 12 0.1 0.0 0 96 ?? WL Sat01PM 31:05.84 [intr] root 0 0.0 0.0 0 48 ?? DLs Sat01PM 0:00.27 [kernel] root 1 0.0 0.0 1888 456 ?? ILs Sat01PM 0:00.01 /sbin/init -- root 2 0.0 0.0 0 8 ?? DL Sat01PM 0:02.38 [g_event] root 3 0.0 0.0 0 8 ?? DL Sat01PM 0:04.28 [g_up] root 4 0.0 0.0 0 8 ?? DL Sat01PM 0:04.20 [g_down] root 5 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [crypto] root 6 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [crypto returns] root 7 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [sctp_iterator] root 8 0.0 0.0 0 8 ?? DL Sat01PM 0:02.55 [pfpurge] root 9 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [xpt_thrd] root 10 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [audit] root 11 0.0 0.0 0 8 ?? RL Sat01PM 2572:40.34 [idle] root 13 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [ng_queue] root 14 0.0 0.0 0 8 ?? DL Sat01PM 0:11.44 [yarrow] root 15 0.0 0.0 0 128 ?? DL Sat01PM 0:01.63 [usb] root 16 0.0 0.0 0 8 ?? DL Sat01PM 0:00.09 [pagedaemon] root 17 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [vmdaemon] root 18 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [pagezero] root 19 0.0 0.0 0 8 ?? DL Sat01PM 0:00.11 [idlepoll] root 20 0.0 0.0 0 8 ?? DL Sat01PM 0:00.42 [bufdaemon] root 21 0.0 0.0 0 8 ?? DL Sat01PM 0:00.41 [vnlru] root 22 0.0 0.0 0 8 ?? DL Sat01PM 0:05.31 [syncer] root 23 0.0 0.0 0 8 ?? DL Sat01PM 0:00.55 [softdepflush] root 24 0.0 0.0 0 8 ?? DL Sat01PM 0:00.19 [flowcleaner] root 40 0.0 0.0 0 8 ?? DL Sat01PM 0:00.12 [md0] root 151 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 247 0.0 0.1 3408 1148 ?? INs Sat01PM 0:00.01 /usr/local/sbin/ root 249 0.0 0.1 3408 1048 ?? IN Sat01PM 0:00.00 check_reload_sta root 260 0.0 0.1 1888 540 ?? Is Sat01PM 0:00.02 /sbin/devd root 475 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 517 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 852 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 920 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 1135 0.0 0.3 4528 2504 ?? I Sat01PM 0:00.00 /usr/local/sbin/ root 1258 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 1552 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 1672 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd (snip: a ton of these lines) root 9087 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 9269 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 9502 0.0 0.2 3504 1452 ?? SN Sat01PM 0:00.29 ntpdate 0.pfsens root 9614 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 9738 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 10016 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 10237 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 10307 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 10619 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 10807 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 10819 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 10927 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11050 0.0 0.2 3436 1560 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11180 0.0 0.1 3316 1368 ?? Ss Sat01PM 0:00.10 ntpd: [priv] (nt root 11245 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 11394 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 11494 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11518 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 11544 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 11588 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 11680 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11692 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 11773 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 11785 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11994 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 11998 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 12278 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 12309 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 12496 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 12591 0.0 0.2 3436 1560 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 12607 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 12728 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 12747 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 12838 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 12852 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 13008 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13114 0.0 0.2 3436 1560 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13219 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13341 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 13445 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 13464 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 13502 0.0 0.1 3316 1028 ?? Ss Sat01PM 0:00.08 /usr/local/sbin/ root 13570 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 13668 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 13832 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13869 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13882 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 14093 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 14167 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14243 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14386 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14411 0.0 0.3 5272 3076 ?? Is Sat01PM 0:00.00 /usr/sbin/sshd root 14420 0.0 0.2 3436 1560 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14563 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14680 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 14686 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 14823 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 14992 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 15050 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 15094 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15284 0.0 0.1 3448 1416 ?? Ss Sat01PM 0:04.77 /usr/sbin/syslog root 15301 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15357 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15431 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15469 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15476 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 15486 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 15646 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 15705 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 15742 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 15918 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 16022 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 16114 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 16156 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 16276 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 16501 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 16569 0.0 0.0 640 244 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 16802 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 16815 0.0 0.1 3404 1380 ?? Ss Sat01PM 0:00.28 /usr/sbin/cron - nobody 16856 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 16921 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 16922 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 16999 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 17073 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 17130 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 17309 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 17342 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 17363 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 17424 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 17453 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 17574 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 17623 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 17654 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 17748 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 17878 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 17968 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18097 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 18241 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18379 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 18409 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18410 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 18577 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 18689 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18733 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 18931 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19015 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 19109 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19130 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 19144 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 19202 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19386 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 19394 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 19463 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 19622 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19704 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 19727 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 19791 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 19955 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19970 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 20187 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 20265 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 20335 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 20505 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 20506 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 20671 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd snort 20744 0.0 12.1 136508 116252 ?? Ss Sat06PM 1:53.12 /usr/local/bin/s nobody 20747 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 20783 0.0 0.5 7164 5204 ?? Ss Sat01PM 0:15.65 openvpn --config root 20859 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 20916 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 20932 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 21078 0.0 0.1 1864 680 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 21136 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 21140 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 21183 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 21466 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 21475 0.0 0.1 1864 876 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 21763 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 21774 0.0 0.1 3656 1400 ?? IN Sat01PM 0:00.00 /bin/sh /usr/loc nobody 21800 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 21983 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 21987 0.0 0.1 1888 488 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 22097 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 22178 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 22275 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 22340 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 22560 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 22602 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 22671 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 22861 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 22954 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 23085 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 23149 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23254 0.0 0.1 3316 1036 ?? Ss Sat01PM 0:00.11 /usr/local/bin/m nobody 23374 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23378 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 23388 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23614 0.0 0.1 3316 1036 ?? Is Sat01PM 0:00.01 /usr/local/bin/m root 23698 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 23700 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23827 0.0 0.1 3316 1036 ?? Is Sat01PM 0:00.00 /usr/local/bin/m root 23878 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 23966 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23970 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 24286 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 24302 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 24311 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 24500 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 24517 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 24679 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 24792 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 24843 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 24965 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 25036 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 25074 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 25106 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 25266 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 25278 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 25318 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 25360 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 25539 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 25645 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 25788 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 25974 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 26065 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 26149 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 26350 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 26391 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 26406 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 26472 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 26557 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 26570 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 26599 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 26673 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 26769 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 26999 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 27026 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 27066 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27081 0.0 0.2 3656 1772 ?? SN 9:51AM 0:00.00 /bin/sh /var/db/ nobody 27179 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27196 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 27346 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 27355 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27520 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 27656 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 27673 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27752 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 27802 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 27831 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27834 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 27944 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 28045 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 28116 0.0 0.1 1888 488 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 28121 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 28166 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 28340 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 28457 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 28555 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 28606 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 28645 0.0 0.1 1864 532 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 nobody 32225 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 32254 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 32448 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 32553 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 32588 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 32617 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 32678 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 32893 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 32904 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 32909 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 33001 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 33013 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 33110 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 33177 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 33436 0.0 0.1 1864 876 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 33444 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 33622 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 33707 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 33714 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 33788 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 33789 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 33994 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 34046 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd (snipped out a lot of lines to fit the post limit) nobody 35523 0.0 0.0 0 0 ?? Z 9:51AM 0:00.0</defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct>
-
Its /var/etc/inetd.conf and not /etc/inetd.conf.
Can you be more clear is it working or not?
-
Ahh, right- the nc lines are indeed in /var/etc/inetd.conf.
Saturday's build died on me today, seemingly right after I added the aliases back to my NAT rules. I tried updating to a new build but it seems to have picked up the one dated Mar 24. I'll try updating again today shortly.
So, yes I'm still seeing the same problem, but will need to sort out the update before I can reproduce it again.
-
I seem to be experiencing the same (or a similar) issue.
The patch here seems to be in my version, I'm running RC1 snapshot built on 3/25
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/650b573bd8a435449178385a2d132f7f0002d309Had no issues with the 3/12 snapshot I was running before this.
Here's a sampling from ps:
root 34705 5.3 0.1 3436 1576 ?? Rs 1:49PM 4:53.07 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 37229 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 37346 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 37677 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 37760 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 38084 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 38350 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 38514 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 38535 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 38737 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 39078 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 39142 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 39401 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 39438 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 39565 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 39721 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 39981 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf root 40075 5.3 0.1 3436 1576 ?? R 3:20PM 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf nobody 19426 5.2 0.1 3344 1076 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 20394 5.2 0.0 1888 476 ?? Rs 3:20PM 0:00.00 nc -u -w 2000 Array 53 root 21785 5.2 0.1 3436 1596 ?? R 3:20PM 0:00.00 inetd: wrapping (inetd) nobody 22002 5.2 0.1 3344 1072 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 22322 5.2 0.0 2320 880 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 22569 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 22650 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 root 22891 5.2 0.1 3436 1588 ?? R 3:20PM 0:00.00 inetd: wrapping (inetd) nobody 23050 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 23175 5.2 0.1 3344 1148 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 23207 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 root 23414 5.2 0.1 3436 1592 ?? R 3:20PM 0:00.00 inetd: wrapping (inetd) nobody 23557 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 23785 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 root 23925 5.2 0.1 3436 1588 ?? R 3:20PM 0:00.00 inetd: wrapping (inetd) nobody 24162 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 24456 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 root 25449 5.2 0.1 3436 1584 ?? R 3:20PM 0:00.00 inetd: wrapping (inetd) nobody 25886 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 26097 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 26161 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 26442 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 26763 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53 nobody 27273 5.2 0.1 3344 1144 ?? Rs 3:20PM 0:00.01 nc -u -w 2000 Array 53
Here is my /var/etc/inetd.conf
tftp-proxy dgram udp wait root /usr/libexec/tftp-proxy tftp-proxy -v 19000 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.67 25 19001 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.67 53 19001 dgram udp nowait/0 nobody /usr/bin/nc nc -u -w 2000 Array 53 19002 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.67 636 19003 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.63 80 19004 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.63 443 19005 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.45 22 19006 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.45 80 19007 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.45 443 19008 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.40 22 19009 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.40 80 19010 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.40 443 19011 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.41 80 19012 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.41 443 19013 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.62 22 19014 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.62 80 19015 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.62 443 19016 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.69 80 19017 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.69 443 19018 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.69 3389 19019 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.49 80 19020 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.49 443 19021 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.20 22 19022 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.20 9996 19023 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.43 80 19024 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.43 443 19025 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.64 80 19026 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.64 443 19027 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.61 22 19028 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.61 80 19029 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.61 443 19030 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.2 443 19031 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.2 4125 19032 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.64 22 19033 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.63 22
-
OK, well I was able to fix my problem by turning off NAT reflection on the rule that was causing the weird line in /var/etc/inetd.conf
The problem was caused by a single NAT rule, tcp/udp forwarding port 53 to an internal server. Didn't need NAT reflection on that rule anyway.
-
2.0-RC1 (amd64)
built on Sat Mar 26 00:18:39 EDT 2011I just updated and saw the same thing here. I disabled NAT reflection and things quickly settled down, although I'm left with 3 zombie processes.
-
Can i have the port forward rules from one of you to try to replicate locally?
-
Add any simple port forward with TCP/UDP as the protocol. I just changed an SSH forward from TCP to TCP/UDP and got this in /var/etc/inetd.conf:
19032 dgram udp nowait/0 nobody /usr/bin/nc nc -u -w 2000 Array 22
All my TCP only NAT rules are fine with reflection turned on. I haven't tested UDP only rules.
-
@ermal:
Can i have the port forward rules from one of you to try to replicate locally?
Do you want a screen shot of the page, or some specific file?