From: "Mark Pagulayan"
Date: Tue, 10 Jun 2008 12:55:17 +1200
Subject: PF: See packet errors on external interface

Hi Guys,

I was just wondering if you could help me with my problem.

Before going to the details here is my setup:

OS: FreeBSD 7.0-RELEASE i386
Firewall: PF
Interface: em1 (external interface) and em0 (internal interface)
Setup: The 2 interfaces above are set up as a bridge so we are using PF as a layer 2 FW.
Use altq to define queues on em1 and em0 (default, unlimited, sponsored, premium, standard)

Doing a netstat -d -I em1, I can see that there are incoming packet errors but no outgoing packet errors. A number of drops but no collision.

Doing a netstat -d -I em0, I can see that there are no errors on the incoming and outgoing packets. A number of drops but no collision.

Doing a netstat -d -l bridge0, I don't see any errors on the incoming and outgoing packets. No drops and collision.

Looking at my ruleset I can see that I have

    scrub in on em1

Does this rule cause the packet errors? Or presumably because of the speed of the network? We are running at around 8000 packets/s for incoming and outgoing traffic.
There was a plan of removing this rule. If we do that, what would the implications be?

Also using the tool pftop, the default queue has packet drops and suspensions:

    QUEUE BW SCH PRIO PKTS BYTES DROP_P DROP_B QLEN BORROW SUSPEN P/S B/S
    default 134M cbq 1326370 775902K 138 102128 0 0 2798 8182 4340435

Do you think the scrub rule is causing pf to suspend some packets? I also wish to understand how pftop works to be able to debug the problem.

The reason that I am asking these questions is that we get connectivity issues with some external sites that we connect to. It might be the uplink that has problems, but I hope I could gather information on what might be causing this, or things that might or might not be related to this issue.

Your help would be greatly appreciated.

Thanks

Mark Pagulayan
University of Auckland