Date:      Thu, 08 Apr 1999 10:30:37 -0400
From:      Phil Wang <Phil.Wang@wizeup.com>
To:        Alan Weber <aaweber@austin.rr.com>, andyo@prime.net.ua
Cc:        questions@freebsd.org
Subject:   Re: FreeBSD server too slow for internals
Message-ID:  <370CBD8D.B24D834C@wizeup.com>
References:  <353CD4ED.37E7FCFA@wizeup.com> <370933AB.28F5D255@wizeup.com> <19990406133756.A728@austin.rr.com>

Thank you all.

I have not solved the problem yet, and would like to offer further
info.

1. My FreeBSD machine is a gateway which bridges the Internet and an
internal network.

           209.83.165.224 ------------  192.168.1.1
Internet <---------------0  Gateway  0-------------> internal
                          ------------

2. It is not a DNS problem since the elapsed time is similar to ping
192.168.1.1 and 209.83.165.224 on the gateway or an internal machine.

3. It is not a firewall problem because NATD did not work only in that
period. NATD works well now and any internal machines access Internet
without an obvious delay.

4. I have tested local TELNET and FTP on the gateway, and the result is
that telnet and ftp to 209.83.165.224 take less than 1 second but
that telnet and ftp to 192.168.1.1 take 3 minutes. They are local
connections!

If somebody attacked this gateway, what had he done?

Looking forward to your reply.
Phil

> 
> On Mon, Apr 05, 1999 at 06:05:31PM -0400, Phil Wang wrote:
> --> Hi all,
> 
> --> I got a strange problem with my FreeBSD 2.2.5 machine, which is used as
> --> mail/pop3, ftp and httpd servers. Two network interface cards are
> --> installed on it, one is used to connect Internet, another is to connect
> --> an internal network. All machines (PC and MACs) on the internal network use
> --> NATD to do external access.
> 
> --> This morning, we found at first that a pop3 client took more than 5
> --> minutes to download emails from this pop3 server (sometimes failed), and
> --> later found that ftp and httpd services did too. It was very quick last
> --> Thursday, this machine was not turned down during the following
> --> holidays.
> 
> --> But it does not look slow to access those servers from external Internet or
> --> access Internet from internal machines. So, what is the problem?
> 
> --> I checked all the logs output from system processes, only one message
> --> repeated several times in /var/log/message may be useful.
> 
> --> <First appeared>
> --> Apr  2 11:08:19 wizeup natd: failed to write packet back (Permission
> --> denied)
> --> Apr  2 11:08:49 wizeup natd: failed to write packet back (Permission
> --> denied)
> --> Apr  2 11:10:54 wizeup last message repeated 4 times
> --> Apr  2 11:13:10 wizeup last message repeated 4 times
> --> Apr  2 11:13:21 wizeup popper[11123]: (v2.4b2) Unable to get canonical
> --> name of client, err = 0
> 
> This looks like the server can not find itself in the DNS system. If your
> local DNS is not working, then all of the connections could take a long
> time. Unable to get canonical name of client indicates to me that the
> reverse dns ip number to name lookup is not working.
> 
> --> Does any body help it?
> 
> --> Thanks,
> --> Phil
>

