From: vladone
To: freebsd-ipfw@freebsd.org
Date: Mon, 8 Aug 2005 12:49:20 +0300
Subject: strange problem with ipfw
Message-ID: <5210286161.20050808124920@spaingsm.com>
List-Id: IPFW Technical Discussions

Hi!

I have a FreeBSD (5.4) server that acts as a gateway. NAT is done with ipnat and traffic shaping with ipfw+dummynet. I have this problem: the server works well, but after approximately 5 min. my private interface stops responding (I don't have ping, nothing). After I give "ipfw flush" and reload the ipfw script, my server works again. Where is my problem?

My ipfw script is:

#!/bin/sh
cmd="/sbin/ipfw -q"
pif="rl0"
lif="fxp0"
local_net="192.168.101.0/24"
down="250Kbit/s"
up="200Kbit/s"
games_ports="27005,27010,27015,27016,27017,27018,27019,27020"

#flush rules
$cmd flush

$cmd add 50 allow ip from $local_net to $local_net via $lif
$cmd add 200 deny ip from any to any 80 in via $lif
$cmd add 200 skipto 300 ip from $local_net to any in via $lif
$cmd add 200 skipto 300 ip from any to $local_net out via $lif
$cmd add 200 deny ip from any to any via $lif

$cmd pipe 1 config bw $down
$cmd pipe 2 config bw 128kbits/s mask dst-ip 0xffffff
$cmd queue 1 config pipe 1 weight 1 mask dst-ip 0xffffff

$cmd add 500 pipe 2 ip from any $games_ports to any out via $lif
$cmd add 500 skipto 600 ip from any $games_ports to any out via $lif
$cmd add 500 queue 1 ip from any to any out via $lif

$pif is the public interface and $lif is the private interface, and my sysctl.conf contains:

net.inet.ip.fw.one_pass=0

For the moment I resolved this by running the ipfw script every 3 min. with crontab, but this is not a normal solution.
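
An added example, not part of the original message: a simplified Python model of the ruleset above that traces which rules a packet on fxp0 matches when net.inet.ip.fw.one_pass=0. The packet dictionaries and the 203.0.113.10 address are constructed; ipnat, dummynet delays and traffic on rl0 are not modelled.

```python
import ipaddress

LOCAL = ipaddress.ip_network("192.168.101.0/24")   # $local_net
GAMES = {27005, 27010, 27015, 27016, 27017, 27018, 27019, 27020}
LIF = "fxp0"                                        # $lif, private interface

def local(ip):
    return ipaddress.ip_address(ip) in LOCAL

def via_lif(p, direction=None):
    return p["iface"] == LIF and direction in (None, p["dir"])

def game(p):
    return p["sport"] in GAMES and via_lif(p, "out")

# (number, action, argument, match) in the order the script adds the rules.
RULES = [
    (50, "allow", None, lambda p: local(p["src"]) and local(p["dst"]) and via_lif(p)),
    (200, "deny", None, lambda p: p["dport"] == 80 and via_lif(p, "in")),
    (200, "skipto", 300, lambda p: local(p["src"]) and via_lif(p, "in")),
    (200, "skipto", 300, lambda p: local(p["dst"]) and via_lif(p, "out")),
    (200, "deny", None, via_lif),
    (500, "pipe", 2, game),
    (500, "skipto", 600, game),
    (500, "queue", 1, lambda p: via_lif(p, "out")),
    (65535, "default", None, lambda p: True),
]

def trace(p, one_pass=False):
    """Return the rules a packet matches, in order, until a final action."""
    steps, i = [], 0
    while i < len(RULES):
        num, action, arg, match = RULES[i]
        if not match(p):
            i += 1
            continue
        steps.append(f"{num} {action}" + ("" if arg is None else f" {arg}"))
        if action == "skipto":      # jump to first later rule numbered >= arg
            i = next(j for j in range(i + 1, len(RULES)) if RULES[j][0] >= arg)
        elif action in ("pipe", "queue") and not one_pass:
            i += 1                  # one_pass=0: packet re-enters at the next rule
        else:
            break                   # allow, deny, default, or shaper with one_pass=1
    return steps

def pkt(src, dst, sport, dport, direction):
    # Constructed sample packet seen on the private interface.
    return dict(src=src, dst=dst, sport=sport, dport=dport, dir=direction, iface=LIF)
```

Whether rule 65535 allows or denies depends on the kernel option IPFIREWALL_DEFAULT_TO_ACCEPT, which the message does not state; on the real system `ipfw -a list` shows the per-rule packet counters to compare against the trace.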