Date:      Tue, 10 Apr 2001 12:14:18 +0200
From:      Marko Cuk <cuk@nu.cuk.nu>
To:        freebsd-stable@freebsd.org, freebsd-ipfw@freebsd.org
Subject:   NATd & high internal load - help
Message-ID:  <3AD2DCFA.83888C38@nu.cuk.nu>

Hello !!

I have problems with high load on a FBSD box. First I had the 4.2 STABLE,
then I cvsuped to 4.3-RC. Same thing.

When high traffic occurs on the 100mbit hub, to which fxp0 is connected, load
and processor usage of the natd process are very high, and after a while it
won't pass packets to the outside world anymore.

The configuration:
-Celeron 400 and BX motherboard, 512Mb RAM PC100.
-fxp Intel 10/100 cards

fxp0 - connected to hub and interface has routable IP, because it has a
network behind
fxp1 - connected to outside world

Routing is working, everything was ok.

Then I want to set an alias to fxp0 with 192.168.x.x unregistered class
and make NATd working and to hide most of client computers and leave the
routable IPs for servers, etc.

It's very strange. I have NATd at home and it is working without any
problems.

The MAXUSERS variable is set to 196 and netstat -m:
261/944/14336 mbufs in use (current/peak/max):
        236 mbufs allocated to data
        25 mbufs allocated to packet headers
206/438/3584 mbuf clusters in use (current/peak/max)
1112 Kbytes allocated to network (10% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Top:

last pid:  9475;  load averages:  0.97,  0.51,  0.35    up 8+09:49:40  11:47:42
48 processes:  4 running, 44 sleeping
CPU states: 14.0% user,  0.0% nice, 71.3% system,  9.3% interrupt,  5.4% idle
Mem: 170M Active, 246M Inact, 58M Wired, 20M Cache, 61M Buf, 6752K Free
Swap: 2000M Total, 48K Used, 2000M Free

  PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
 9475 root      36   0   448K   228K RUN      0:12 28.87% 24.56% ping

/etc/rc.conf
firewall_enable="YES"
firewall_type="/etc/rc.pcx"
firewall_script="/etc/rc.firewall"
firewall_quiet="YES"
natd_program="/sbin/natd"
natd_enable="YES"   
natd_flags="-f /etc/natd.conf"

/etc/natd.conf
interface fxp1         <-----if I put an IP here, it's the same problem
#log yes
log_denied yes
unregistered_only yes
#use_sockets yes
#same_ports yes
#dynamic yes

I also commented those things out, as Blaz Zupan told me.

ipfw natd rule:
add 80 divert natd ip from any to any via fxp1

Now I don't have any idea what to do. Did I miss something? What did
I do wrong?

I also have 84 ipfw rules for the firewall (most of them reset and deny, and
a few dummynet pipes).
Is the processor too slow for that?

Cuk
