Date: Thu, 9 Nov 2006 20:21:10 +0100
From: "Lars Wittebrood" <lars@socruel.nu>
To: <freebsd-questions@freebsd.org>
Cc: ipfilter@coombs.anu.edu.au
Subject: System (Firewall - IP filter) freezes sometimes
Message-ID: <302F75DC2739FB43B236373398A8C5992993@saturnus.intra.socruel.nu>

Hello lists,

I have a 6.1-RELEASE-p10 system running the IP Filter which comes with 6.1, acting as a firewall for my small home network. This system freezes when handling a lot of data, i.e. with an upload of a 60Meg file to the firewall through SFTP from OpenSSH or when accessing large webpages. By freezes I mean it doesn't accept any new connections and doesn't respond to the keyboard. After 3 or 4 minutes the system 'lives' again. Nothing valuable is logged in the meantime.

The NICs used are Intel Gbit Desktop adapters and the system is using the 'em' driver for them. I am running IP Filter as a module. The freeze doesn't happen when the IP Filter kernel module is unloaded!

me@firewall me $ uname -a
FreeBSD firewall.domain.nu 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #0: Thu Nov 2 16:00:30 CET 2006 root@firewall.domain.nu:/usr/obj/usr/src/sys/FIREWALL i386

me@firewall me $ ipf -V
ipf: IP Filter: v4.1.8 (416)

The sysctl.conf file of the system:

# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#

#------------------------------------------------------------------------
# Disable kernel coredumps
#------------------------------------------------------------------------
kern.coredump=0

#------------------------------------------------------------------------
# Some hardening options
#------------------------------------------------------------------------
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0

#------------------------------------------------------------------------
# Some networking options
#------------------------------------------------------------------------
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.ip.random_id=1

#------------------------------------------------------------------------
# TCP/IP stack hardening
#------------------------------------------------------------------------
# Decrease the ARP cache cleanup interval
net.link.ether.inet.max_age=1200
# Disable ICMP broadcast echo activity
net.inet.icmp.bmcastecho=0
# Disable ICMP routing redirects
net.inet.ip.redirect=0
# Disable ICMP broadcast probes
net.inet.icmp.maskrepl=0
# Disable IP source routing
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
# Increase resilience under heavy TCP load
kern.ipc.somaxconn=1024
# Set TCP send and receive window sizes
net.inet.tcp.sendspace=32768
net.inet.tcp.recvspace=32768

Anyone any idea what this is about?

Regards,

Lars Wittebrood.