Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 May 2006 18:29:09 +0300
From:      vladone <vladone@spaingsm.com>
To:        ipfw@freebsd.org
Subject:   Re: slow pings after enabling ipfw+dummynet?
Message-ID:  <121788539.20060524182909@spaingsm.com>
In-Reply-To: <20060523183628.44765.qmail@web51406.mail.yahoo.com>
References:  <20060523183628.44765.qmail@web51406.mail.yahoo.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hello ANE,

Tuesday, May 23, 2006, 9:36:28 PM, you wrote:

> After enabling ipfw+dummynet, ping times, even to 127.0.0.1,
> increase from avg .025ms to 2500ms.  Local pings occasionally drop
> packets with "No buffer space available".  I set
> kern.ipc.maxsockbuf=8388608 which alleviates the frequency of buffer
> errors somewhat, but the huge ping times and pauses/timeouts
> accessing the machine via the network (SSH, sending/receiving email)
> still occur.

> If ipfw is disabled, everything returns to normal.  (very low ms,
> quick access via the network)

> Any ideas why this is happening?



> Config:

> FreeBSD 4.10 with Intel NIC (fxp0)
> manually set full-duplex on both server & router

> /usr/src/sys/i386/conf/DNET (kernel config file)
> options IPFIREWALL              # allow firewall construction
> options IPFIREWALL_VERBOSE      # logging
> options DUMMYNET                # traffic shaping
> options IPFIREWALL_DEFAULT_TO_ACCEPT    # not using packet filtering
> just traffic shaping
> options HZ=1000                 # recommended in dummynet man page

> /etc/rc.conf
> # ref:
> http://www.onlamp.com/pub/a/bsd/2001/07/26/Big_Scary_Daemons.html?page=2
> # ref: http://www.muine.org/~hoang/freenat.html
> firewall_enable="YES"
> firewall_script="/etc/rc.dummynet"
> firewall_type="open"
> firewall_logging="YES"

> /etc/rc.dummynet
> # Flush any old rules laying around
> ipfw -f flush
> # Allow everything in and out
> ipfw add 1000 pipe 1 ip from any to any
> # Limit to 512Kbit/s
> ipfw pipe 1 config bw 512Kbit/s

> Make buffer size 8MB instead of 256K to lessen "no buffer space
> available" ping failures:
>>sysctl -w kern.ipc.maxsockbuf=8388608

> Do I have something configured wrong in /etc/rc.dummynet?

> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to
> "freebsd-ipfw-unsubscribe@freebsd.org"
Try to allow traffic via loopback interface:
ipfw add 10 allow ip from any to any via lo0
ipfw add 20 deny ip from any to 127.0.0.1

Second:
Try to change packet size (-s parameter) and frequency (-i parameter) in ping command, to see what
is happening (see man ping).


-- 
Best regards,
 vladone                            mailto:vladone@spaingsm.com




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?121788539.20060524182909>