From owner-freebsd-stable Fri Oct 25 3:57: 9 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F5DC37B401 for ; Fri, 25 Oct 2002 03:57:07 -0700 (PDT) Received: from lurza.secnetix.de (lurza.secnetix.de [212.66.1.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id E10B943E7B for ; Fri, 25 Oct 2002 03:57:06 -0700 (PDT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (localhost [IPv6:::1]) by lurza.secnetix.de (8.12.6/8.12.5) with ESMTP id g9PAusin072127 for ; Fri, 25 Oct 2002 12:56:54 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.12.6/8.12.5/Submit) id g9PAus8k072126; Fri, 25 Oct 2002 12:56:54 +0200 (CEST) Date: Fri, 25 Oct 2002 12:56:54 +0200 (CEST) Message-Id: <200210251056.g9PAus8k072126@lurza.secnetix.de> From: Oliver Fromme To: freebsd-stable@FreeBSD.ORG Reply-To: freebsd-stable@FreeBSD.ORG Subject: Re: Machine becomes non-responsive, only ^T shows it as alive under l oad: IPFW, TCP proxying In-Reply-To: X-Newsgroups: list.freebsd-stable User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.7-RELEASE (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Don Bowman wrote: > I have an application listening on an ipfw 'fwd' rule. > I'm sending ~3K new sessions per second to it. It > has to turn around and issue some of these out as > a proxy, in response to which some of them the destination > host won't exist. > > I have RST limiting on. I'm seeing messages like: > Limiting open port RST response from 1312 to 200 packets per second > > come out sometimes. > > After a while of such operation (~1/2 hour), the machine > becomes unresponsive: the network interfaces no longer respond, > the serial console responds to ^T yielding a status line, > but ^C etc do nothing, and the bash which was there won't > give me a prompt. Maybe you're running out of resources, such as mbufs or mbuf clusters, or filedescriptors or whatever. What's the output of "netstat -m" and "pstat -T" when the machine is under load? Watching "vmstat 5" while the machine is running might be helpful, too. Regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "All that we see or seem is just a dream within a dream" (E. A. Poe) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message