From owner-freebsd-performance@FreeBSD.ORG Fri Feb 6 18:19:23 2009 Return-Path: Delivered-To: freebsd-performance@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF8A8106566B for ; Fri, 6 Feb 2009 18:19:23 +0000 (UTC) (envelope-from alexdehaini@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.28]) by mx1.freebsd.org (Postfix) with ESMTP id 51C1F8FC1D for ; Fri, 6 Feb 2009 18:19:23 +0000 (UTC) (envelope-from alexdehaini@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so428263yxb.13 for ; Fri, 06 Feb 2009 10:19:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=333/ecQk0Lt7AJTgnYUJEgZ+XblCHU5+9l3Ay7eVovo=; b=ms7MYVWXUada/89lpvN9RRbm/yNxwXGxV8waOZuapdcbrvxKb7X4A9RGjUEVlLxydb FvpGbyIKVBTZzDcDu71HYgYNqMbnbvlWl3CWDGHEVXk9T5V//MYPDsDNEhl95dJjwoHg JLKaCZHoMPjFE9vmT/Rjba2FqmlJAs15mb2OM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=tKfC5cr42ej4w8CqlWEYzoaVdqB1HAOq/El1a+Y2j6LjnyCVe06kdVnXSmYPXr3oxU nKI87QrDiKgAzhX63E4o1R3a1AVNzVOQrs0qH+ynkX5c16/mA9WifsQN5/gD/6zGikWB R9C7QN0xE8Sn2V8qwiSwdlP1pJNQ5xGXrNyYs= MIME-Version: 1.0 Received: by 10.65.135.19 with SMTP id m19mr1540979qbn.77.1233944362166; Fri, 06 Feb 2009 10:19:22 -0800 (PST) In-Reply-To: <4b008f7d0902060724o6817f822ufb3ce8a8f9060fa8@mail.gmail.com> References: <4b008f7d0902060644o62a3942lf63ff6689c3b4d94@mail.gmail.com> <4b008f7d0902060724o6817f822ufb3ce8a8f9060fa8@mail.gmail.com> Date: Fri, 6 Feb 2009 18:19:22 +0000 Message-ID: <4b008f7d0902061019v414ef35do1b84a3f2e6f0b48d@mail.gmail.com> From: Alex Dehaini To: =?ISO-8859-1?Q?Istv=E1n_Szuk=E1cs?= Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-performance@freebsd.org Subject: Re: Limiting open port RST response from 247 to 200 packets per second X-BeenThere: freebsd-performance@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Performance/tuning List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2009 18:19:24 -0000 Any ideas On Fri, Feb 6, 2009 at 3:24 PM, Alex Dehaini wrote: > I increased net.inet.icmp.icmplim to 2000 but this does not make any > change. Here is my output > > myserver# sysctl -a | grep net.inet.icmp.icmplim > net.inet.icmp.icmplim: 2000 > net.inet.icmp.icmplim_output: 1 > > After increasing inet.icmp.icmplim to 2000 and startign Squid, I don't ge= t > the errors below > > Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from 24= 7 > to 200 packets per second > Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from 24= 7 > to 200 packets per second > Feb 5 20:39:45 myserver /kernel: Limiting open port RST response from 23= 9 > to 200 packets per second > > But traffic still drops. > > Alex > > > > On Fri, Feb 6, 2009 at 3:19 PM, Istv=E1n Szuk=E1cs wr= ote: > >> Hi! >> >> >> lix@test:~$sysctl -a | grep net.inet.icmp.icmplim >> net.inet.icmp.icmplim: 200 >> net.inet.icmp.icmplim_output: 1 >> >> >> Regards, >> Istvan >> >> On Fri, Feb 6, 2009 at 2:44 PM, Alex Dehaini wrot= e: >> >>> Hi Guys, >>> >>> I have some issues with Squid on Freebsd. I am running FreeBSD release >>> 4.9 >>> and Squid version 2.5. >>> >>> I have setup FreeBSD as a bridge so that all traffic from my network ca= n >>> transparently pass through the FreeBSD server. I am running Squid on th= e >>> same server and I created an ipfw rule to redirect port 80 to port 3128= . >>> >>> Normally, when Squid is not started - we see traffic close to 30MB >>> flowing >>> through the server. Immediately I start squid, the traffic drops to hal= f >>> and >>> sometimes lower and stays there. When this happens, I have a lot of >>> clients >>> that will call and complain they can't access the Internet. At the same >>> time, I get these log messages >>> >>> *Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from >>> 247 >>> to 200 packets per second >>> Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from >>> 247 >>> to 200 packets per second >>> Feb 5 20:39:45 myserver /kernel: Limiting open port RST response from >>> 239 >>> to 200 packets per second >>> Feb 5 20:39:45 myserver /kernel: Limiting open port RST response from >>> 239 >>> to 200 packets per second >>> Feb 5 20:39:46 myserver /kernel: Limiting open port RST response from >>> 273 >>> to 200 packets per second >>> Feb 5 20:39:46 myserver /kernel: Limiting open port RST response from >>> 273 >>> to 200 packets per second >>> Feb 5 20:39:47 myserver /kernel: Limiting open port RST response from >>> 228 >>> to 200 packets per second >>> Feb 5 20:39:47 myserver /kernel: Limiting open port RST response from >>> 228 >>> to 200 packets per second >>> Feb 5 20:39:48 myserver /kernel: Limiting open port RST response from >>> 225 >>> to 200 packets per second >>> Feb 5 20:39:48 myserver /kernel: Limiting open port RST response from >>> 225 >>> to 200 packets per second >>> Feb 5 20:39:49 myserver /kernel: Limiting open port RST response from >>> 244 >>> to 200 packets per second >>> Feb 5 20:39:49 myserver /kernel: Limiting open port RST response from >>> 244 >>> to 200 packets per second >>> Feb 5 20:39:50 myserver /kernel: Limiting open port RST response from >>> 259 >>> to 200 packets per second >>> Feb 5 20:39:50 myserver /kernel: Limiting open port RST response from >>> 259 >>> to 200 packets per second >>> Feb 5 20:39:51 myserver /kernel: Limiting open port RST response from >>> 234 >>> to 200 packets per second >>> Feb 5 20:39:51 myserver /kernel: Limiting open port RST response from >>> 234 >>> to 200 packets per second >>> Feb 5 20:39:52 myserver /kernel: Limiting open port RST response from >>> 243 >>> to 200 packets per second >>> Feb 5 20:39:52 myserver /kernel: Limiting open port RST response from >>> 243 >>> to 200 packets per second >>> Feb 5 20:39:53 myserver /kernel: Limiting open port RST response from >>> 218 >>> to 200 packets per second >>> Feb 5 20:39:53 myserver /kernel: Limiting open port RST response from >>> 218 >>> to 200 packets per second >>> Feb 5 20:39:55 myserver /kernel: Limiting open port RST response from >>> 233 >>> to 200 packets per second >>> Feb 5 20:39:55 myserver /kernel: Limiting open port RST response from >>> 233 >>> to 200 packets per second >>> Feb 5 20:39:56 myserver /kernel: Limiting open port RST response from >>> 241 >>> to 200 packets per second >>> Feb 5 20:39:56 myserver /kernel: Limiting open port RST response from >>> 241 >>> to 200 packets per second >>> Feb 5 20:39:57 myserver /kernel: Limiting open port RST response from >>> 220 >>> to 200 packets per second >>> Feb 5 20:39:57 myserver /kernel: Limiting open port RST response from >>> 220 >>> to 200 packets per second >>> Feb 5 20:39:58 myserver /kernel: Limiting open port RST response from >>> 206 >>> to 200 packets per second >>> Feb 5 20:39:58 myserver /kernel: Limiting open port RST response from >>> 206 >>> to 200 packets per second >>> Feb 5 20:40:01 myserver /kernel: Limiting open port RST response from >>> 223 >>> to 200 packets per second >>> Feb 5 20:40:01 myserver /kernel: Limiting open port RST response from >>> 223 >>> to 200 packets per second* >>> >>> When I stop Squid, everything returns to normal. Any idea what is causi= ng >>> this. I will appreciate any help. >>> >>> Thanks >>> >>> -- >>> Alex Dehaini >>> Developer >>> Site - www.alexdehaini.com >>> Email - alexdehaini@gmail.com >>> _______________________________________________ >>> freebsd-performance@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-performance >>> To unsubscribe, send any mail to " >>> freebsd-performance-unsubscribe@freebsd.org" >>> >> >> >> >> -- >> the sun shines for all >> > > > > -- > Alex Dehaini > Developer > Site - www.alexdehaini.com > Email - alexdehaini@gmail.com > --=20 Alex Dehaini Developer Site - www.alexdehaini.com Email - alexdehaini@gmail.com