Date: Mon, 12 Oct 1998 18:41:07 -0400 (EDT)
From: Vince Vielhaber
To: freebsd-net@FreeBSD.ORG
Subject: ipfw and dummynet

I'm having a problem with ipfw and dummynet - but I'm not sure that
dummynet has anything to do with it. First some background. I'm running
a news server that I sometimes need to limit bandwidth coming from certain
sites - but not all and not all the time which is why I don't want to tell
any of them to limit what they send me.

I installed the patches to 2.2.7-REL for dummynet and enabled it in the
kernel and built a new kernel with these options:

    options IPFIREWALL
    options DUMMYNET

The problem I'm having is that even with only one rule:

    ipfw add pipe 1 ip from any to any

and

    ipfw pipe 1 config bw 100MB/s

only the local subnet can get in. After a while (no specific timeframe
that I've found) it starts allowing traffic from outside. After a while
it closes down again. This can/has even happen(ed) right from bootup.
There seems to be no pattern to it and the only thing I can find in
/var/log/messages is:

    Oct 12 17:35:25 marge /kernel: arplookup 209.57.60.17 failed: host is not on local network

There's a string of these from anything that tried to contact it - the
above is from one of my machines on a different subnet. When these
messages stop the traffic again flows.

After chatting with Luigi about it, he thought it may have been running
out of mbufs, so I added this to the config:

    options "NMBCLUSTERS=7000"

and once again rebuilt. Same thing. I've even tried powering the machine
down for a while and restarting it (just in case), but it's the same thing.
But there's no sign of it from netstat -m:

    347 mbufs in use:
            183 mbufs allocated to data
            86 mbufs allocated to packet headers
            76 mbufs allocated to protocol control blocks
            2 mbufs allocated to socket names and addresses
    87/412 mbuf clusters in use
    867 Kbytes allocated to network (25% in use)
    0 requests for memory denied
    0 requests for memory delayed
    0 calls to protocol drain routines

There is no traffic flowing right now as I cut-n-pasted this. With the
above rule, this should be maxing out both T1's and occasionally it will.
But then it'll close down again.

Any suggestions?

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH   email: vev@michvhf.com   flame-mail: /dev/null
       # include                                       TEAM-OS2
   Online Searchable Campground Listings    http://www.camping-usa.com
       "There is no outfit less entitled to lecture me about bloat
               than the federal government"  -- Tony Snow
==========================================================================