From owner-freebsd-performance@FreeBSD.ORG Sat Feb 7 17:05:05 2009 Return-Path: Delivered-To: freebsd-performance@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 902C11065670 for ; Sat, 7 Feb 2009 17:05:05 +0000 (UTC) (envelope-from gofp-freebsd-performance@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 17E018FC0A for ; Sat, 7 Feb 2009 17:05:05 +0000 (UTC) (envelope-from gofp-freebsd-performance@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1LVpuN-0000ml-IL for freebsd-performance@freebsd.org; Sat, 07 Feb 2009 16:19:56 +0000 Received: from 93-138-45-59.adsl.net.t-com.hr ([93.138.45.59]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 07 Feb 2009 16:19:55 +0000 Received: from ivoras by 93-138-45-59.adsl.net.t-com.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 07 Feb 2009 16:19:55 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-performance@freebsd.org From: Ivan Voras Date: Sat, 07 Feb 2009 17:19:15 +0100 Lines: 63 Message-ID: References: <4b008f7d0902060644o62a3942lf63ff6689c3b4d94@mail.gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig777DCA74B662769DF0D10E68" X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 93-138-45-59.adsl.net.t-com.hr User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) In-Reply-To: <4b008f7d0902060644o62a3942lf63ff6689c3b4d94@mail.gmail.com> X-Enigmail-Version: 0.95.7 Sender: news Subject: Re: Limiting open port RST response from 247 to 200 packets per second X-BeenThere: freebsd-performance@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Performance/tuning List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Feb 2009 17:05:05 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig777DCA74B662769DF0D10E68 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Alex Dehaini wrote: > Hi Guys, >=20 > I have some issues with Squid on Freebsd. I am running FreeBSD release = 4.9 > and Squid version 2.5. >=20 > I have setup FreeBSD as a bridge so that all traffic from my network ca= n > transparently pass through the FreeBSD server. I am running Squid on th= e > same server and I created an ipfw rule to redirect port 80 to port 3128= =2E >=20 > Normally, when Squid is not started - we see traffic close to 30MB flow= ing > through the server. Immediately I start squid, the traffic drops to hal= f and > sometimes lower and stays there. When this happens, I have a lot of cli= ents > that will call and complain they can't access the Internet. At the same= > time, I get these log messages >=20 > *Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from= 247 > to 200 packets per second > Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from = 247 > to 200 packets per second > When I stop Squid, everything returns to normal. Any idea what is causi= ng > this. I will appreciate any help. RST response means a client has tried to connect to a TCP port and didn't succeed. In your case, is squid actually doing anything? Are there any traffic in your logs? By increasing icmplim you only lifted the supression of the outgoing RST packets, you didn't solve your problem. --------------enig777DCA74B662769DF0D10E68 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmNtIkACgkQldnAQVacBch+uwCfVbOkCZJXR4iF1nMu36ahLE6J RSkAnAh8O9PsJutnurLh8ompJWG5WxKw =1mj8 -----END PGP SIGNATURE----- --------------enig777DCA74B662769DF0D10E68--