Date: Tue, 7 Nov 2006 17:27:06 +0100 (CET) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-net@FreeBSD.ORG, amarat@ksu.ru Subject: Re: a very strange netstat output and problem when using transparent proxy Message-ID: <200611071627.kA7GR6LB059312@lurza.secnetix.de> In-Reply-To: <454FA451.2030407@ksu.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Marat N.Afanasyev <amarat@ksu.ru> wrote: > I've encountered a very strange situation about two hours ago. I use > squid as transparent proxy and forward all the packets from port 80 to > port 8000. Problem is, first of all, I have a lot of ierrs on interface > when looking to interface stats using netstat. What kind of interface is that? Excerpt from dmesg, ifconfig and netstat -i might be useful. In general, errors on the interface usually indicate a hardware error (NIC, cables, port). However, it might also be a driver bug. > The second problem is far > more serious: after a short period of time I have a completely frozen > system that can only send data, but very rarely receive and generates a > huge amount of ierrs on interface. > > ipfw rules are as follows: > > 00001 allow ip from any to any via lo0 > 00002 deny ip from any to 127.0.0.0/8 > 00003 deny ip from 127.0.0.0/8 to any > 00010 fwd xx.xx.xx.xx,8000 tcp from any to me dst-port 80 > 65535 allow ip from any to any > > problem with ierrs disappears after I delete rule with forward, but I > need this rule :( In that rule, is "xx.xx.xx.xx" an IP address configured on your NIC, or is it 127.0.0.1? If the former, try to replace it with 127.0.0.1 and check if that improves the situation. However, the FWD line should not cause ierrs on the NIC. If you're sure that your hardware is good, then there's probably a bug somewhere. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. C++: "an octopus made by nailing extra legs onto a dog" -- Steve Taylor, 1998
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611071627.kA7GR6LB059312>