Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 23 May 2006 11:36:28 -0700 (PDT)
From:      ANE <ane8610@yahoo.com>
To:        freebsd-ipfw@freebsd.org
Subject:   slow pings after enabling ipfw+dummynet?
Message-ID:  <20060523183628.44765.qmail@web51406.mail.yahoo.com>

Next in thread | Raw E-Mail | Index | Archive | Help
After enabling ipfw+dummynet, ping times, even to 127.0.0.1,
increase from avg .025ms to 2500ms.  Local pings occasionally drop
packets with "No buffer space available".  I set
kern.ipc.maxsockbuf=8388608 which alleviates the frequency of buffer
errors somewhat, but the huge ping times and pauses/timeouts
accessing the machine via the network (SSH, sending/receiving email)
still occur.

If ipfw is disabled, everything returns to normal.  (very low ms,
quick access via the network)

Any ideas why this is happening?



Config:

FreeBSD 4.10 with Intel NIC (fxp0)
manually set full-duplex on both server & router

/usr/src/sys/i386/conf/DNET (kernel config file)
options IPFIREWALL              # allow firewall construction
options IPFIREWALL_VERBOSE      # logging
options DUMMYNET                # traffic shaping
options IPFIREWALL_DEFAULT_TO_ACCEPT    # not using packet filtering
just traffic shaping
options HZ=1000                 # recommended in dummynet man page

/etc/rc.conf
# ref:
http://www.onlamp.com/pub/a/bsd/2001/07/26/Big_Scary_Daemons.html?page=2
# ref: http://www.muine.org/~hoang/freenat.html
firewall_enable="YES"
firewall_script="/etc/rc.dummynet"
firewall_type="open"
firewall_logging="YES"

/etc/rc.dummynet
# Flush any old rules laying around
ipfw -f flush
# Allow everything in and out
ipfw add 1000 pipe 1 ip from any to any
# Limit to 512Kbit/s
ipfw pipe 1 config bw 512Kbit/s

Make buffer size 8MB instead of 256K to lessen "no buffer space
available" ping failures:
>sysctl -w kern.ipc.maxsockbuf=8388608

Do I have something configured wrong in /etc/rc.dummynet?

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20060523183628.44765.qmail>