Date: Sat, 05 Mar 2005 11:59:59 -0700
From: "Stephane Raimbault" <segr@hotmail.com>
To: freebsd-pf@freebsd.org
Subject: nat / rdr timeouts?
Message-ID: <BAY24-F33C93C48BE0BBBCECAE301CC5D0@phx.gbl>

I have a box running FreeBSD 5.3-RELEASE-p5 and I'm running nat and
redirecting port 80 traffic to a couple internal servers.

I was running some benchmarks with the apache ab tool and discovered a
couple problems popping up.

I could run the ab benchmark with the following options no problem:

    ab -c 5 -n 50 http://<ext ip of nat box>/host.html

however as soon as I put the concurrency to 1...

    ab -c 1 -n 50 http://<ext ip of nat box>/host.html

It would inconsistently start blocking and timing out with this error:

    apr_poll: The timeout specified has expired (70007)
    Total of 46 requests completed

When I notice that ab gets hung up... running this

    pfctl -F state

on the nat box seems to fix the problem and ab completes its test.

This leads me to guess that something in pf is causing this block to occur
based on the states? Possibly to prevent a DoS?

Does anyone know what is causing this and if it's a tunable value?

Here are the pf rules I have for this test.

------------------------
ext_if="em1"
int_net="10.0.11.0/27"
web_servers = "{ 10.0.11.16,10.0.11.17 }"

nat on $ext_if from $int_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 80 -> $web_servers round-robin
------------------------

The problem is also there when I only have one web_servers set instead of 2.

Any thoughts/ideas are welcome.

Thank you,
Stephane.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY24-F33C93C48BE0BBBCECAE301CC5D0>