Date: Wed, 24 May 2006 18:29:09 +0300 From: vladone <vladone@spaingsm.com> To: ipfw@freebsd.org Subject: Re: slow pings after enabling ipfw+dummynet? Message-ID: <121788539.20060524182909@spaingsm.com> In-Reply-To: <20060523183628.44765.qmail@web51406.mail.yahoo.com> References: <20060523183628.44765.qmail@web51406.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello ANE, Tuesday, May 23, 2006, 9:36:28 PM, you wrote: > After enabling ipfw+dummynet, ping times, even to 127.0.0.1, > increase from avg .025ms to 2500ms. Local pings occasionally drop > packets with "No buffer space available". I set > kern.ipc.maxsockbuf=8388608 which alleviates the frequency of buffer > errors somewhat, but the huge ping times and pauses/timeouts > accessing the machine via the network (SSH, sending/receiving email) > still occur. > If ipfw is disabled, everything returns to normal. (very low ms, > quick access via the network) > Any ideas why this is happening? > Config: > FreeBSD 4.10 with Intel NIC (fxp0) > manually set full-duplex on both server & router > /usr/src/sys/i386/conf/DNET (kernel config file) > options IPFIREWALL # allow firewall construction > options IPFIREWALL_VERBOSE # logging > options DUMMYNET # traffic shaping > options IPFIREWALL_DEFAULT_TO_ACCEPT # not using packet filtering > just traffic shaping > options HZ=1000 # recommended in dummynet man page > /etc/rc.conf > # ref: > http://www.onlamp.com/pub/a/bsd/2001/07/26/Big_Scary_Daemons.html?page=2 > # ref: http://www.muine.org/~hoang/freenat.html > firewall_enable="YES" > firewall_script="/etc/rc.dummynet" > firewall_type="open" > firewall_logging="YES" > /etc/rc.dummynet > # Flush any old rules laying around > ipfw -f flush > # Allow everything in and out > ipfw add 1000 pipe 1 ip from any to any > # Limit to 512Kbit/s > ipfw pipe 1 config bw 512Kbit/s > Make buffer size 8MB instead of 256K to lessen "no buffer space > available" ping failures: >>sysctl -w kern.ipc.maxsockbuf=8388608 > Do I have something configured wrong in /etc/rc.dummynet? > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to > "freebsd-ipfw-unsubscribe@freebsd.org" Try to allow traffic via loopback interface: ipfw add 10 allow ip from any to any via lo0 ipfw add 20 deny ip from any to 127.0.0.1 Second: Try to change packet size (-s parameter) and frequency (-i parameter) in ping command, to see what is happening (see man ping). -- Best regards, vladone mailto:vladone@spaingsm.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?121788539.20060524182909>