From owner-freebsd-pf@FreeBSD.ORG Sun Jun 15 22:28:14 2008
Date: Mon, 16 Jun 2008 10:28:10 +1200
From: "Mark Pagulayan"
Subject: pfsync ignoring stale update

Hi Guys,

I was just wondering if you could help me out with my problem on why the
state counts are different on my Active and Standby FW. The state count on
my Standby FW is much bigger than my Active FW. When I did debug mode on
the standby FW (pfctl -mx loud) I noticed that there were messages saying
"pfsync: ignoring stale update". Is this the one causing the state table
to unsynchronize? If this is it, any ideas on how to fix this?

Here is my setup
OS: 7.0-RELEASE FreeBSD 7.0-RELEASE
Setup: PF is used as Layer 2 Firewall

---------------------               ---------------------
-                   -    pfsync     -                   -
-     Active FW     -----------------    Standby FW     -
-                   -               -                   -
---------------------               ---------------------

Failover happens with OSPF.

Help would be greatly appreciated.

Best Regards,

Mark Pagulayan
University Of Auckland

From owner-freebsd-pf@FreeBSD.ORG Sun Jun 15 23:08:56 2008
Date: Sun, 15 Jun 2008 16:08:56 -0700
From: Jeremy Chadwick
To: Margo Szathmár
Cc: freebsd-pf@freebsd.org
Subject: Re: rdr rules with pf

On Fri, Jun 13, 2008 at 05:34:16PM -0700, Margo Szathmár wrote:
> I'm trying to set up jails behind a NAT on my FreeBSD 7.0 box here as I've
> only got one IP to play with. I'm currently using pf with the following
> configuration:
>
> ext_if="rl0"
> external_addr="x.x.x.x"
> internal_net="192.168.222.0/24"
>
> nat on $ext_if from $internal_net to any -> $external_addr
>
> rdr on rl0 proto tcp from any to any port 5223 -> 192.168.222.2
> pass in all
> pass out all
>
> The jail in question is sitting on 192.168.222.2 and is able to connect out.
> The only problem I'm having is that the rdr statement doesn't seem to be
> working.

Try adding "pass" to the rdr rule, e.g.: "rdr pass ..."

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

From owner-freebsd-pf@FreeBSD.ORG Mon Jun 16 11:07:01 2008
Date: Mon, 16 Jun 2008 11:07:00 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Current FreeBSD problem reports

Critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables

1 problem total.

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/82271   pf         [pf] cbq scheduler cause bad latency
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge

5 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/93825   pf         [pf] pf reply-to doesn't work
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/114567  pf         [pf] LOR pf_ioctl.c + if.c
o kern/118355  pf         [pf] [patch] pfctl help message options order false -t
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o kern/121704  pf         [pf] PF mangles loopback packets
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to

9 problems total.

From owner-freebsd-pf@FreeBSD.ORG Wed Jun 18 05:59:21 2008
Date: Wed, 18 Jun 2008 08:59:13 +0400
From: Alexey Lanetskiy
To: freebsd-pf@freebsd.org
Subject: reply-to speed issue

Hello!

I have a freebsd box (7-release) acting as gateway.
The topology is very simple. There are 2 ifaces: em0 and em1, pointing to
gateway 1 (gw1) and gw2 correspondingly. Here is the "picture":

                 ,------------.
(internal LAN)---* FreeBSD/pf *---(WAN / gw1), $ext_if1, $ext_ip1
                 |            *---(WAN / gw2), $ext_if2, $ext_ip2
                 `------------'

There are some servers inside internal LAN, so I have to respond the
request from WAN to the same iface.
Well, I need following lines inside my
pf.conf:

nat on $ext_if1 from !(self) to any -> ($ext_if1:0)
nat on $ext_if2 from !(self) to any -> ($ext_if2:0)

# example of some internal service, hosted inside the LAN
rdr on $ext_if1 proto tcp to port $someport tag IF_1 \
    -> $ip_internal port $someport
rdr on $ext_if2 proto tcp to port $someport tag IF_2 \
    -> $ip_internal port $someport

block in all
block out all

# example of common services, hosted on freebsd box
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) \
    proto tcp from \
    to $ext_ip1 port { ftp, ftp-data, 45000:50000 } \
    flags S/SA keep state
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) \
    proto tcp from \
    to $ext_ip2 port { ftp, ftp-data, 45000:50000 } \
    flags S/SA keep state

pass in quick reply-to ($ext_if1 $ext_gw1) proto { udp, icmp } \
    tagged IF_1 keep state
pass in quick reply-to ($ext_if1 $ext_gw1) proto tcp \
    tagged IF_1 flags S/SA keep state
pass in quick reply-to ($ext_if2 $ext_gw2) proto { udp, icmp } \
    tagged IF_2 keep state
pass in quick reply-to ($ext_if2 $ext_gw2) proto tcp \
    tagged IF_2 flags S/SA keep state

Now it works. Connections from outside to both hosted @box & hosted @LAN
are establishing, data flows, but... strange speed issue detected.
Let's shut down pf (pfctl -d) and ftp to any of external ifaces: full
speed of iface in both directions.
Let's enable pf again, but use pf.conf without any "reply-to"
("route-to"s are still at their places): oops, something wrong with
outgoing stream. Look at these numbers: approx. 60kBytes/sec w/o "reply-to"
and only 3kBytes/sec with it. Not very nice, isn't it...

Let me say some words about the box itself.
box: SMP system on single core2duo CPU, 2 em & 1 rl nics.
freebsd: default sysctl setup, custom kernel built using GENERIC with
following difference:
options SCHED_ULE
device pf
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
options ALTQ_NOPCC
pf: No queues running, very (less than 10 items) small tables, near 120
rules in pf.conf.

Here the question begins: what is the source of such a problem with
"reply-to". What should I test, maybe on another box or in lab? What
manuals should I learn before configuring pf any more if there are config
mistakes?

-- 
wbr, Alexey.

From owner-freebsd-pf@FreeBSD.ORG Wed Jun 18 22:17:35 2008
Date: Wed, 18 Jun 2008 22:05:33 +0000
From: Michael Zimmer
To: Alexey Lanetskiy
Subject: RE: reply-to speed issue

I don't know if this is restricted to reply-to. I have an almost identical
setup (except, using route-to) and have the same problem. Anyone have any
ideas?

thanks,

-mike

> Date: Wed, 18 Jun 2008 08:59:13 +0400
> From: lan@rcfd.spb.ru
> To: freebsd-pf@freebsd.org
> Subject: reply-to speed issue
>
> Hello!
>
> I have a freebsd box (7-release) acting as gateway.
> The topology is very simple. There are 2 ifaces: em0 and em1, pointing to
> gateway 1 (gw1) and gw2 correspondingly. Here is the "picture":
>
>                  ,------------.
> (internal LAN)---* FreeBSD/pf *---(WAN / gw1), $ext_if1, $ext_ip1
>                  |            *---(WAN / gw2), $ext_if2, $ext_ip2
>                  `------------'
>
> There are some servers inside internal LAN, so I have to respond the
> request from WAN to the same iface. Well, I need following lines inside my
> pf.conf:
>
> nat on $ext_if1 from !(self) to any -> ($ext_if1:0)
> nat on $ext_if2 from !(self) to any -> ($ext_if2:0)
>
> # example of some internal service, hosted inside the LAN
> rdr on $ext_if1 proto tcp to port $someport tag IF_1 \
>     -> $ip_internal port $someport
> rdr on $ext_if2 proto tcp to port $someport tag IF_2 \
>     -> $ip_internal port $someport
>
> block in all
> block out all
>
> # example of common services, hosted on freebsd box
> pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) \
>     proto tcp from \
>     to $ext_ip1 port { ftp, ftp-data, 45000:50000 } \
>     flags S/SA keep state
> pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) \
>     proto tcp from \
>     to $ext_ip2 port { ftp, ftp-data, 45000:50000 } \
>     flags S/SA keep state
>
> pass in quick reply-to ($ext_if1 $ext_gw1) proto { udp, icmp } \
>     tagged IF_1 keep state
> pass in quick reply-to ($ext_if1 $ext_gw1) proto tcp \
>     tagged IF_1 flags S/SA keep state
> pass in quick reply-to ($ext_if2 $ext_gw2) proto { udp, icmp } \
>     tagged IF_2 keep state
> pass in quick reply-to ($ext_if2 $ext_gw2) proto tcp \
>     tagged IF_2 flags S/SA keep state
>
> Now it works. Connections from outside to both hosted @box & hosted @LAN
> are establishing, data flows, but... strange speed issue detected.
> Let's shut down pf (pfctl -d) and ftp to any of external ifaces: full
> speed of iface in both directions.
> Let's enable pf again, but use pf.conf without any "reply-to"
> ("route-to"s are still at their places): oops, something wrong with
> outgoing stream. Look at these numbers: approx. 60kBytes/sec w/o "reply-to"
> and only 3kBytes/sec with it. Not very nice, isn't it...
>
> Let me say some words about the box itself.
> box: SMP system on single core2duo CPU, 2 em & 1 rl nics.
> freebsd: default sysctl setup, custom kernel built using GENERIC with
> following difference:
> options SCHED_ULE
> device pf
> options ALTQ
> options ALTQ_CBQ
> options ALTQ_RED
> options ALTQ_RIO
> options ALTQ_HFSC
> options ALTQ_CDNR
> options ALTQ_PRIQ
> options ALTQ_NOPCC
> pf: No queues running, very (less than 10 items) small tables, near 120
> rules in pf.conf.
>
> Here the question begins: what is the source of such a problem with
> "reply-to". What should I test, maybe on another box or in lab? What
> manuals should I learn before configuring pf any more if there are config
> mistakes?
>
> -- 
> wbr, Alexey.

From owner-freebsd-pf@FreeBSD.ORG Fri Jun 20 12:51:45 2008
Date: Fri, 20 Jun 2008 05:38:27 -0700 (PDT)
From: Diego Salvador
To: freebsd-pf@freebsd.org, freebsd-net@freebsd.org
Subject: [Queueing Packets with ALTQ on Gigabit Fiber Optic and Gigabit Ethernet]

Hi,

Is there any difference in handling packet queues with ALTQ if the network
card is a Gigabit fiber network interface and a Gigabit Ethernet network
interface with the same driver? For example (em) driver for Intel-based
cards.

I'm currently having a system configured with FreeBSD-6.2 RELEASE with PF
and ALTQ enabled. This host is configured first with Intel 1-Gigabit
Ethernet network card and when it receives a big amount of traffic, I don't
see any packet errors with netstat but when I switched to the 1-Gigabit
fiber optic card, I could see packet errors with this interface. A big
amount of traffic was bombarded on the interface, around 800Mbps.

Here's the sample packet errors received on the system with netstat.

Gigabit Intel fiber interface
-------------------------------------
# netstat -I em0 -w 1
            input          (em0)           output
   packets   errs      bytes    packets  errs      bytes colls
      3260 149652    2547816          0     0          0     0
      3257 150026    2547756          0     0          0     0
      3258 150117    2543396          1     0         42     0
      3259 150181    2549320          0     0          0     0
      3256 149941    2543244          0     0          0     0
      3370 149871    2636122          0     0          0     0
      3255 149534    2544688          0     0          0     0
      3255 150077    2543966          0     0          0     0
      3260 150195    2549320          0     0          0     0
      3259 149603    2547816          0     0          0     0
      3258 149746    2546312          0     0          0     0
      3258 149855    2547756          0     0          0     0
      3261 149851    2549320          0     0          0     0
      3255 150414    2545410          0     0          0     0
      3250 149758    2542282          0     0          0     0
      3255 149842    2545410          0     0          0     0
      3259 149568    2547756          0     0          0     0
      3255 149943    2545502          0     0          0     0
      3261 149893    2548658          0     0          0     0
      3257 149581    2545530          0     0          0     0

Thank you very much!

Diego