Date: Fri, 09 Jun 2000 22:58:03 -0500 From: Carroll Kong <damascus@eden.rutgers.edu> To: freebsd-stable@FreeBSD.ORG Subject: 3.4-release box stalling out Message-ID: <4.2.2.20000609224908.03774100@email.eden.rutgers.edu>
next in thread | raw e-mail | index | archive | help
Hi there. 3.4-Release, 64 megs of ram, using ipfilter 3.4.4 with ipnat. Mbufs were at default. Max users were at 64. using ICMP_bandwidth limiting, tcp synfin blocking tcp_rst restrict. Those were the most notable kernel configuration options. The rest was default. Slow degradation of TCP/IP socket opening requests. I.e. Takes a long time to ssh in. (and it is not network traffic as I can ssh to the box next to it fine.). It gets so bad, that soon almost all requests are rejected. OS does not note any wide range DoS attacks. Is there an easy way for me to check? netstat -a i guess? My best guess is not enough mbufs. (sorry, when I did netstat -m, i didn't see the peak.. :( ). I am using ipfilter with full stateful goodness. So maybe it is overflowing somehow? I also thought maybe tcp_rst restrict might be doing something since even though we are not a web server, we are running port 80 requests? ( I guess no relation?). I guess I will run pstat -T; netstat -m next time it happens. I checked 3.4-release errata and no mention of any issues. Is there something I missed? I tried to be as descriptive as possible. If this report is not sufficient, could someone please tell me what else I should describe? Thanks guys! -Carroll Kong To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000609224908.03774100>