Date: Tue, 21 Dec 2004 16:26:31 +0900 From: Pyun YongHyeon <yongari@kt-is.co.kr> To: Andrew Thomson <andrewjt@applecomm.net> Cc: freebsd-sparc64@freebsd.org Subject: Re: netra t1 as a firewall Message-ID: <20041221072631.GB5301@kt-is.co.kr> In-Reply-To: <1103610454.38458.13.camel@itouch-1011.prv.au.itouchnet.net> References: <1103610454.38458.13.camel@itouch-1011.prv.au.itouchnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 21, 2004 at 05:27:34PM +1100, Andrew Thomson wrote: > All, > > This may be kind of a loose comment but I thought I'd float it as most > of my experience is with i386 freebsd not sparc. > > Basically at a site I have installed a Netra T1 as a firewall - worked > out well as it had a lot of nics in it, hme[0-5]. > > I originally installed 5.2.1 on it but soon discovered that the hme > driver in 5.2.1 didn't allocate different mac addresses! Upgraded to 5.3 > and that problem disappeared. > > This firewall runs a simple office network providing internet access and > has a couple of IPSEC VPNs to other sites. > > After the initial install, the network seemed to be "hanging" when > running simple commands on remote boxes, top, ls -al etc.. The MTU was > changed was to 1492 which seemed to resolve the problem. > > However now when we try to transfer files across the VPN, the transfers > just stall. If the mtu is changed back to 1500, the transfers across the > VPN work but then the network hang returns until the mtu is dropped to > 1492 again - it's pretty weird. > > Basically I just thought I'd float the problem here just to make sure > I'm not running into any known sparc related issues.. > > My /var/log/messages is filled with these... > > hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max > 1506) > hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max > 1506) > hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max > 1506) > hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max > 1506) > ether type 0x800 -> IP protocol m->m_flags 0x03 -> M_EXT | M_PKTHDR So I guess you have link negotiation problem. Check netstat(1) for collision counter. If you see high number of collision counter, try to force negotation media type/option with ifconfig(8) > Any thoughts appreciated. > > Regards, > > ajt. > > > -- > Andrew Thomson <andrewjt@applecomm.net> > -- Regards, Pyun YongHyeon http://www.kr.freebsd.org/~yongari | yongari@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041221072631.GB5301>