From owner-freebsd-performance@FreeBSD.ORG Fri Feb 6 15:24:54 2009 Return-Path: Delivered-To: freebsd-performance@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4DCDA1065763 for ; Fri, 6 Feb 2009 15:24:54 +0000 (UTC) (envelope-from alexdehaini@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.29]) by mx1.freebsd.org (Postfix) with ESMTP id EF4B28FC20 for ; Fri, 6 Feb 2009 15:24:53 +0000 (UTC) (envelope-from alexdehaini@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so387271yxb.13 for ; Fri, 06 Feb 2009 07:24:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=aNQGnfnJb6e8ITfXgoVd0FJMqmTr7XZrGwt+Qej8AJw=; b=UKL0lrrXcqYu+OhqGb8a1JpN146f0S5hpnoCXmEcVKjzq42+3C6Veo58JKgfs1OOyM 1XTBNOvPVGBTtqJQeJ5d6CQRVAtLZfWXsNUEzRqNXIYOlxT5KNCWZ1/c/hGNTI0vkJHA i6SqbT9egcMp01mcEddJ4kyTPde3I0Az+CuV0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=vLO309iMLAGClFNForUgLoYLlaAT5ydf4l2ql/XRpHBCqhXqgUtfGMhyQhEQ6jblxh otzMoObFabEhQ77n3jNTsfINaLjwFUbnN1e86Uhpck730NyR80sUSZkm3yS/fUcc5eCY 725bBtamNTAzNVKyT5ePjKDnadQPz2vrZ16PE= MIME-Version: 1.0 Received: by 10.64.142.5 with SMTP id p5mr1438397qbd.136.1233933892477; Fri, 06 Feb 2009 07:24:52 -0800 (PST) In-Reply-To: References: <4b008f7d0902060644o62a3942lf63ff6689c3b4d94@mail.gmail.com> Date: Fri, 6 Feb 2009 15:24:52 +0000 Message-ID: <4b008f7d0902060724o6817f822ufb3ce8a8f9060fa8@mail.gmail.com> From: Alex Dehaini To: =?ISO-8859-1?Q?Istv=E1n_Szuk=E1cs?= Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-performance@freebsd.org Subject: Re: Limiting open port RST response from 247 to 200 packets per second X-BeenThere: freebsd-performance@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Performance/tuning List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2009 15:24:55 -0000 I increased net.inet.icmp.icmplim to 2000 but this does not make any change= . Here is my output myserver# sysctl -a | grep net.inet.icmp.icmplim net.inet.icmp.icmplim: 2000 net.inet.icmp.icmplim_output: 1 After increasing inet.icmp.icmplim to 2000 and startign Squid, I don't get the errors below Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from 247 to 200 packets per second Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from 247 to 200 packets per second Feb 5 20:39:45 myserver /kernel: Limiting open port RST response from 239 to 200 packets per second But traffic still drops. Alex On Fri, Feb 6, 2009 at 3:19 PM, Istv=E1n Szuk=E1cs wrot= e: > Hi! > > > lix@test:~$sysctl -a | grep net.inet.icmp.icmplim > net.inet.icmp.icmplim: 200 > net.inet.icmp.icmplim_output: 1 > > > Regards, > Istvan > > On Fri, Feb 6, 2009 at 2:44 PM, Alex Dehaini wrote= : > >> Hi Guys, >> >> I have some issues with Squid on Freebsd. I am running FreeBSD release 4= .9 >> and Squid version 2.5. >> >> I have setup FreeBSD as a bridge so that all traffic from my network can >> transparently pass through the FreeBSD server. I am running Squid on the >> same server and I created an ipfw rule to redirect port 80 to port 3128. >> >> Normally, when Squid is not started - we see traffic close to 30MB flowi= ng >> through the server. Immediately I start squid, the traffic drops to half >> and >> sometimes lower and stays there. When this happens, I have a lot of >> clients >> that will call and complain they can't access the Internet. At the same >> time, I get these log messages >> >> *Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from >> 247 >> to 200 packets per second >> Feb 5 20:39:44 myserver /kernel: Limiting open port RST response from 2= 47 >> to 200 packets per second >> Feb 5 20:39:45 myserver /kernel: Limiting open port RST response from 2= 39 >> to 200 packets per second >> Feb 5 20:39:45 myserver /kernel: Limiting open port RST response from 2= 39 >> to 200 packets per second >> Feb 5 20:39:46 myserver /kernel: Limiting open port RST response from 2= 73 >> to 200 packets per second >> Feb 5 20:39:46 myserver /kernel: Limiting open port RST response from 2= 73 >> to 200 packets per second >> Feb 5 20:39:47 myserver /kernel: Limiting open port RST response from 2= 28 >> to 200 packets per second >> Feb 5 20:39:47 myserver /kernel: Limiting open port RST response from 2= 28 >> to 200 packets per second >> Feb 5 20:39:48 myserver /kernel: Limiting open port RST response from 2= 25 >> to 200 packets per second >> Feb 5 20:39:48 myserver /kernel: Limiting open port RST response from 2= 25 >> to 200 packets per second >> Feb 5 20:39:49 myserver /kernel: Limiting open port RST response from 2= 44 >> to 200 packets per second >> Feb 5 20:39:49 myserver /kernel: Limiting open port RST response from 2= 44 >> to 200 packets per second >> Feb 5 20:39:50 myserver /kernel: Limiting open port RST response from 2= 59 >> to 200 packets per second >> Feb 5 20:39:50 myserver /kernel: Limiting open port RST response from 2= 59 >> to 200 packets per second >> Feb 5 20:39:51 myserver /kernel: Limiting open port RST response from 2= 34 >> to 200 packets per second >> Feb 5 20:39:51 myserver /kernel: Limiting open port RST response from 2= 34 >> to 200 packets per second >> Feb 5 20:39:52 myserver /kernel: Limiting open port RST response from 2= 43 >> to 200 packets per second >> Feb 5 20:39:52 myserver /kernel: Limiting open port RST response from 2= 43 >> to 200 packets per second >> Feb 5 20:39:53 myserver /kernel: Limiting open port RST response from 2= 18 >> to 200 packets per second >> Feb 5 20:39:53 myserver /kernel: Limiting open port RST response from 2= 18 >> to 200 packets per second >> Feb 5 20:39:55 myserver /kernel: Limiting open port RST response from 2= 33 >> to 200 packets per second >> Feb 5 20:39:55 myserver /kernel: Limiting open port RST response from 2= 33 >> to 200 packets per second >> Feb 5 20:39:56 myserver /kernel: Limiting open port RST response from 2= 41 >> to 200 packets per second >> Feb 5 20:39:56 myserver /kernel: Limiting open port RST response from 2= 41 >> to 200 packets per second >> Feb 5 20:39:57 myserver /kernel: Limiting open port RST response from 2= 20 >> to 200 packets per second >> Feb 5 20:39:57 myserver /kernel: Limiting open port RST response from 2= 20 >> to 200 packets per second >> Feb 5 20:39:58 myserver /kernel: Limiting open port RST response from 2= 06 >> to 200 packets per second >> Feb 5 20:39:58 myserver /kernel: Limiting open port RST response from 2= 06 >> to 200 packets per second >> Feb 5 20:40:01 myserver /kernel: Limiting open port RST response from 2= 23 >> to 200 packets per second >> Feb 5 20:40:01 myserver /kernel: Limiting open port RST response from 2= 23 >> to 200 packets per second* >> >> When I stop Squid, everything returns to normal. Any idea what is causin= g >> this. I will appreciate any help. >> >> Thanks >> >> -- >> Alex Dehaini >> Developer >> Site - www.alexdehaini.com >> Email - alexdehaini@gmail.com >> _______________________________________________ >> freebsd-performance@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-performance >> To unsubscribe, send any mail to " >> freebsd-performance-unsubscribe@freebsd.org" >> > > > > -- > the sun shines for all > --=20 Alex Dehaini Developer Site - www.alexdehaini.com Email - alexdehaini@gmail.com