Date: Fri, 24 Jul 2009 16:56:11 -0400
From: Mike Edenfield <kutulu@kutulu.org>
To: freebsd-stable@freebsd.org
Subject: Torrent clients bring pf-based firewall to its knees...?
Message-ID: <4A6A1FEB.9030001@kutulu.org>

I've recently begun running a torrent client after hours on a PC sitting behind our firewall (7.2-STABLE using pf). I have added a 'rdr' rule to redirect incoming traffic to the client PC from the firewall, and as far as the client is concerned everything is fine.

However, after a short period of torrent activity, the machine running the firewall becomes extremely slow and lagged for all network traffic, but appears to be operating fine locally. Remote connections via ssh become extremely unresponsive, and eventually connections start timing out, but when logged in at the console, there doesn't appear to be any problem. Running tcpdump does not show unusually high volume of traffic, no more than I see during normal activity during the day. The volume and length of connections doesn't seem to matter much -- trying to copy a BSD or Linux DVD with hundreds of connections breaks just as quickly as much smaller torrents with a handful of peers.

I know there are some cheap NAT-ing routers that get in trouble with torrents because of the heavy volume of state rules required, but I've never heard of anything like that being present in pf. And I've used torrent clients at home behind a pf firewall with no issues, but not on this specific version of FreeBSD.

I've tried shutting down the torrent client, clearing out the state and nat rules with pfctl, adding drop rules to reject the torrent traffic, and even bringing the network adapter down completely, but only a physical reboot (combined with not running the client ever again) seems to solve anything.

Has anyone experienced this kind of problem before? Or alternatively, is there some way besides tcpdump and top (neither of which show anything unusual) that I can tell what exactly the machine is doing that's causing the network lag?

--Mike