From owner-freebsd-ipfw Tue Apr 10 3:11:59 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from tech.pcx.si (tech.pcx.si [212.18.46.56])
    by hub.freebsd.org (Postfix) with ESMTP id EEFCD37B422;
    Tue, 10 Apr 2001 03:11:30 -0700 (PDT)
    (envelope-from cuk@nu.cuk.nu)
Received: from nu.cuk.nu (bsd.pcx.si [192.168.1.4])
    by tech.pcx.si (Postfix) with ESMTP id 1EE79F8A04;
    Tue, 10 Apr 2001 12:11:28 +0200 (CEST)
Message-ID: <3AD2DCFA.83888C38@nu.cuk.nu>
Date: Tue, 10 Apr 2001 12:14:18 +0200
From: Marko Cuk
Organization: Pcx computers d.o.o., Tehnika
X-Mailer: Mozilla 4.77 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-stable@freebsd.org, freebsd-ipfw@freebsd.org
Subject: NATd & high internal load - help
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello!!

I have problems with high load on a FBSD box. First I had 4.2 STABLE, then I cvsuped to 4.3-RC. Same thing.

When high traffic occurs on the 100mbit hub, to which fxp0 is connected, load and processor usage of the natd process is very high, and after a while it won't pass packets to the outside world anymore.

The configuration:

- Celeron 400 and BX motherboard, 512Mb RAM PC100.
- fxp Intel 10/100 cards
    fxp0 - connected to hub and interface has routable IP, because it has a network behind
    fxp1 - connected to outside world

Routing is working, everything was ok. Then I wanted to set an alias on fxp0 with the 192.168.x.x unregistered class and make NATd work, to hide most of the client computers and leave the routable IPs for servers, etc.

It's very strange. I have NATd at home and it is working without any problems.

The MAXUSERS variable is set to 196, and netstat -m:

261/944/14336 mbufs in use (current/peak/max):
        236 mbufs allocated to data
        25 mbufs allocated to packet headers
206/438/3584 mbuf clusters in use (current/peak/max)
1112 Kbytes allocated to network (10% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Top:

last pid:  9475;  load averages:  0.97,  0.51,  0.35    up 8+09:49:40  11:47:42
48 processes:  4 running, 44 sleeping
CPU states: 14.0% user,  0.0% nice, 71.3% system,  9.3% interrupt,  5.4% idle
Mem: 170M Active, 246M Inact, 58M Wired, 20M Cache, 61M Buf, 6752K Free
Swap: 2000M Total, 48K Used, 2000M Free

  PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
 9475 root      36   0   448K   228K RUN      0:12 28.87% 24.56% ping

/etc/rc.conf

firewall_enable="YES"
firewall_type="/etc/rc.pcx"
firewall_script="/etc/rc.firewall"
firewall_quiet="YES"
natd_program="/sbin/natd"
natd_enable="YES"
natd_flags="-f /etc/natd.conf"

/etc/natd.conf

interface fxp1     <-----if I put an IP here, it's the same problem
#log yes
log_denied yes
unregistered_only yes
#use_sockets yes
#same_ports yes
#dynamic yes

I also commented those things out, as Blaz Zupan told me.

ipfw natd rule:

add 80 divert natd ip from any to any via fxp1

Now I don't have any idea what to do. Did I miss something? What did I do wrong?

I also have 84 ipfw rules for the firewall (most of them reset and deny, and a few dummynet pipes). Is the processor too slow for that?

Cuk