From: "Marat N.Afanasyev"
Date: Tue, 07 Nov 2006 00:08:33 +0300
To: freebsd-net@freebsd.org
Subject: a very strange netstat output and problem when using transparent proxy
Message-ID: <454FA451.2030407@ksu.ru>

Hello!

I've encountered a very strange situation about two hours ago. I use squid as a transparent proxy and forward all the packets from port 80 to port 8000.

The problem is, first of all, that I have a lot of ierrs on the interface when looking at the interface stats using netstat.

The second problem is far more serious: after a short period of time I have a completely frozen system that can only send data but very rarely receives, and generates a huge amount of ierrs on the interface.

The ipfw rules are as follows:

    00001 allow ip from any to any via lo0
    00002 deny ip from any to 127.0.0.0/8
    00003 deny ip from 127.0.0.0/8 to any
    00010 fwd xx.xx.xx.xx,8000 tcp from any to me dst-port 80
    65535 allow ip from any to any

The problem with ierrs disappears after I delete the rule with forward, but I need this rule :(

--
SY, Marat