From: Oliver Fromme
To: freebsd-net@FreeBSD.ORG, amarat@ksu.ru
Date: Tue, 7 Nov 2006 17:27:06 +0100 (CET)
Subject: Re: a very strange netstat output and problem when using transparent proxy
Message-Id: <200611071627.kA7GR6LB059312@lurza.secnetix.de>
In-Reply-To: <454FA451.2030407@ksu.ru>
List-Id: Networking and TCP/IP with FreeBSD

Marat N.Afanasyev wrote:
 > I've encountered a very strange situation about two hours ago. I use
 > squid as transparent proxy and forward all the packets from port 80 to
 > port 8000. Problem is, first of all, I have a lot of ierrs on interface
 > when looking to interface stats using netstat.

What kind of interface is that? Excerpt from dmesg,
ifconfig and netstat -i might be useful.

In general, errors on the interface usually indicate
a hardware error (NIC, cables, port). However, it
might also be a driver bug.

 > The second problem is far
 > more serious: after a short period of time I have a completely frozen
 > system that can only send data, but very rarely receive and generates a
 > huge amount of ierrs on interface.
 >
 > ipfw rules are as follows:
 >
 > 00001 allow ip from any to any via lo0
 > 00002 deny ip from any to 127.0.0.0/8
 > 00003 deny ip from 127.0.0.0/8 to any
 > 00010 fwd xx.xx.xx.xx,8000 tcp from any to me dst-port 80
 > 65535 allow ip from any to any
 >
 > problem with ierrs disappears after I delete rule with forward, but I
 > need this rule :(

In that rule, is "xx.xx.xx.xx" an IP address configured
on your NIC, or is it 127.0.0.1? If the former, try to
replace it with 127.0.0.1 and check if that improves the
situation.

However, the FWD line should not cause ierrs on the NIC.
If you're sure that your hardware is good, then there's
probably a bug somewhere.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

C++: "an octopus made by nailing extra legs onto a dog"
        -- Steve Taylor, 1998