Date: Fri, 24 Jul 2009 17:18:12 -0400
From: "Peter C. Lai"
To: Mike Edenfield
Cc: freebsd-stable@freebsd.org
Subject: Re: Torrent clients bring pf-based firewall to its knees...?

If only a reboot solves the problem, it sounds like a kernel problem? mbuf leakage?

On 2009-07-24 04:56:11PM -0400, Mike Edenfield wrote:
> I've recently begun running a torrent client after hours on a PC sitting
> behind our firewall (7.2-STABLE using pf). I have added a 'rdr' rule to
> redirect incoming traffic to the client PC from the firewall, and as far as
> the client is concerned everything is fine.
>
> However, after a short period of torrent activity, the machine running the
> firewall becomes extremely slow and lagged for all network traffic, but
> appears to be operating fine locally. Remote connections via ssh become
> extremely unresponsive, and eventually connections start timing out, but
> when logged in at the console, there doesn't appear to be any problem.
> Running tcpdump does not show unusually high volume of traffic, no more than
> I see during normal activity during the day. The volume and length of
> connections doesn't seem to matter much -- trying to copy a BSD or Linux
> DVD with hundreds of connections breaks just as quickly as much smaller
> torrents with a handful of peers.
>
> I know there are some cheap NAT-ing routers that get in trouble with
> torrents because of the heavy volume of state rules required, but I've
> never heard of anything like that being present in pf. And I've used
> torrent clients at home behind a pf firewall with no issues, but not on
> this specific version of FreeBSD.
>
> I've tried shutting down the torrent client, clearing out the state and nat
> rules with pfctl, adding drop rules to reject the torrent traffic, and even
> bringing the network adapter down completely, but only a physical reboot
> (combined with not running the client ever again) seems to solve anything.
>
> Has anyone experienced this kind of problem before? Or alternatively, is
> there some way besides tcpdump and top (neither of which show anything
> unusual) that I can tell what exactly the machine is doing that's causing
> the network lag?
>
> --Mike

-- 
===========================================================
Peter C. Lai                 | Bard College at Simon's Rock
Systems Administrator        | 84 Alford Rd.
Information Technology Svcs. | Gt. Barrington, MA 01230 USA
peter AT simons-rock.edu     | (413) 528-7428
===========================================================
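
The mbuf-exhaustion hypothesis raised in the reply can be checked from `netstat -m` output. The script below is an added example, not part of the original message or of FreeBSD. The function names, the 80% threshold and both sample outputs are constructed for illustration, and the line layout assumed is that of FreeBSD's `netstat -m`.

```sh
#!/bin/sh
# Added example: classify `netstat -m` text to test the "mbuf leakage" guess.
# On the firewall itself:  netstat -m | mbuf_verdict
# All function names and the 80% threshold are hypothetical choices.

# Print "current max" for mbuf clusters from netstat -m text on stdin.
mbuf_clusters() {
    awk '/mbuf clusters in use/ { split($1, f, "/"); print f[1], f[4]; exit }'
}

# Print the total number of denied mbuf/cluster allocation requests.
mbuf_denied() {
    awk '/requests for mbufs denied/ { split($1, f, "/"); print f[1]+f[2]+f[3]; exit }'
}

# Classify one sample read from stdin: exhausted, high, or ok.
mbuf_verdict() {
    sample=$(cat)
    set -- $(printf '%s\n' "$sample" | mbuf_clusters)
    cur=${1:-0} max=${2:-1}          # defaults if the line was not found
    denied=$(printf '%s\n' "$sample" | mbuf_denied)
    if [ "${denied:-0}" -gt 0 ]; then echo exhausted
    elif [ $((cur * 100 / max)) -ge 80 ]; then echo high
    else echo ok
    fi
}

# Change in clusters in use between two samples ($1 = baseline, $2 = later).
# A count that stays far above baseline after traffic has stopped and pf
# states were flushed is what a leak would look like.
mbuf_growth() {
    a=$(printf '%s\n' "$1" | mbuf_clusters)
    b=$(printf '%s\n' "$2" | mbuf_clusters)
    echo $(( ${b%% *} - ${a%% *} ))
}

# Constructed samples (not captured from the poster's machine).
SAMPLE_IDLE='1027/1538/2565 mbufs in use (current/cache/total)
1024/742/1766/25600 mbuf clusters in use (current/cache/total/max)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)'
SAMPLE_STUCK='26110/305/26415 mbufs in use (current/cache/total)
25600/0/25600/25600 mbuf clusters in use (current/cache/total/max)
0/1842/921 requests for mbufs denied (mbufs/clusters/mbuf+clusters)'

echo "idle:  $(printf '%s\n' "$SAMPLE_IDLE" | mbuf_verdict)"
echo "stuck: $(printf '%s\n' "$SAMPLE_STUCK" | mbuf_verdict)"
echo "growth in clusters in use: $(mbuf_growth "$SAMPLE_IDLE" "$SAMPLE_STUCK")"
```

Taking one sample right after boot and another after the torrent client has been stopped gives the two inputs for `mbuf_growth`.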