From: "Tom"
Subject: Network Connection Slowing Down
Date: Mon, 15 Jul 2002 11:15:31 +0100
Delivered-To: freebsd-questions@freebsd.org

Morning all,

Here's the situation: I'm using FreeBSD 4.3 installed on a 486 dx with 12MB of RAM as a firewall/router for my home network. The machine has 2 NICs, one connected to the cable modem, and one connected to a hub, which has another 2 PCs (one W2K, one Linux) on it as well. I'm using ipfw with natd to switch traffic between the two NICs.

For a couple of months after I set it up, I was using a completely open firewall - basically the only rules in rc.firewall were (I paraphrase):

  1 flush rules
  2 divert everything to natd
  3 pass everything

and it worked fine - the 486 was up for at least a month without any problems at all.

Last weekend I finally got round to fixing the ipfw ruleset, which is now based on the simple firewall set in the default rc.firewall and which works fine. I can use the machines within the network without any problems, and my redirections from outside to my servers work fine as well.

The only thing is that since I added the full ruleset (about 40 rules) the connection will start to slow down after the machine has been up for a while - somewhere between 24-48 hours it seems. This only applies to network connections, but it affects both the internal and external interfaces - web browsing, ftp, everything becomes seriously slow, and even ssh-ing into the 486 from the local network becomes dog slow.

However, the machine itself is running fine - memory usage is typically high, with only 340k or so free, but that's normal on this box (it only has 12MB remember), but swap use is minimal, and top shows cpu usage as minimal, with natd usually logging as 0% - which makes me think the problem is happening with ipfw. Rebooting the box will solve the problem instantly, and all will be well for 24 hours or so.

I'm guessing the problem is basically a lack of resources on the box, but can anyone suggest a way to clear the problem without rebooting - ideally I'd like something I could script to happen once a day that frees whatever resources ipfw seems to be maxing out on.

Any suggestions?

Tom