From owner-freebsd-stable Sun Mar 24 2:39:25 2002 Delivered-To: freebsd-stable@freebsd.org Received: from witchspace.com (pc1-reda4-0-cust134.bre.cable.ntl.com [213.105.81.134]) by hub.freebsd.org (Postfix) with SMTP id 5871C37B41B for ; Sun, 24 Mar 2002 02:39:20 -0800 (PST) Received: (qmail 1165 invoked from network); 24 Mar 2002 10:39:17 -0000 Received: from lexx.witchspace.com (HELO witchspace.com) (192.168.0.1) by dookie.witchspace.com with SMTP; 24 Mar 2002 10:39:17 -0000 Message-ID: <3C9DACD5.8070403@witchspace.com> Date: Sun, 24 Mar 2002 10:39:17 +0000 From: Jonathan Belson User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.9) Gecko/20020323 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jonathan Belson Cc: freebsd-stable@freebsd.org Subject: Re: Network slowdowns... References: <3C9C7D92.1000706@witchspace.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jonathan Belson wrote: > Hiya > > > I've recently been experiencing slowdowns on my server's outgoing > network port, which occur after half a day to a day after the last > reboot. After trying a few things that were suggested to me, I realised what the problem was. Without the DEFAULT_TO_ACCEPT option my DHCP client couldn't re-lease the IP from my ISP's DHCP servers and presumably ended up using an invalid IP.. I've added the following firewall rules: # DHCP ${fwcmd} add pass tcp from any to ${oip} 67 setup ${fwcmd} add pass udp from any to ${oip} 67 ${fwcmd} add pass udp from ${oip} 67 to any ${fwcmd} add pass tcp from any to ${oip} 68 setup ${fwcmd} add pass udp from any to ${oip} 68 ${fwcmd} add pass udp from ${oip} 68 to any and removed the line ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif} which seems to have worked thus far. Cheers, --Jon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message