Here is the result of my first session (switch + AP). In order to see the problem, I've downloaded a big iso image. Unfortunately I don't have ipfstat and ipnat close enough to the event.

No traffic shaper, no NAT, no Pipe.... only one rule for LAN (the default one)

* LAN net * * * Default LAN -> any

Basically after reboot :

$ ipfstat -s
IP states added:
        2 TCP
        6 UDP
        4 ICMP
        62 hits
        29 misses
        0 maximum
        0 no memory
        6 bkts in use
        6 active
        6 expired
        0 closed

$ ipnat -s
mapped  in      3       out     3
added   3       expired 0
no memory       0       bad nat 0
inuse   3
rules   3
wilds   0

Some time after :

$ ipfstat -s
IP states added:
        581 TCP
        122 UDP
        64 ICMP
        212164 hits
        10541 misses
        0 maximum
        0 no memory
        207 bkts in use
        207 active
        183 expired
        377 closed

$ ipnat -s
mapped  in      31915   out     18800
added   270     expired 118
no memory       0       bad nat 0
inuse   152
rules   3
wilds   0

I'm working on a second session where I only have 1 PC connected to the firewall through a crossover cable. I'll post my results later on.

Dany

Quoting zealot <zealot at tradersguild dot net>:

> Dany wrote:
>
> > Fred Weston wrote:
> >
> >> Dany wrote:
> >>
> >>> Fred Weston wrote:
> >>>
> >>>> Dany wrote:
> >>>>
> >>>>> Hello,
> >>>>>
> >>>>> I wanted to see if m0n0wall could replace my ipcop box which has
> >>>>> been running for a few years now.
> >>>>> Hardware is an old Compaq Pentium 200MHz with 200MB of memory and
> >>>>> two realtek NIC, a small switch and a SMC-2655W 802.11b AP.
> >>>>>
> >>>>> I used the following CD image (fairly new!) :
> >>>>> cdrom-pb25r595.iso
> >>>>> Version: Public Beta Release 25, Build #595
> >>>>> Release date: 01/17/2004
> >>>>>
> >>>>> Everything works fine, I really like it.
> >>>>> Just after installing it if I ping the firewall from a station I
> >>>>> get "<10ms" but after let's say 20 minutes (random in fact) it goes
> >>>>> to 80-100ms. This morning it was over 900ms. In some cases I can't
> >>>>> even get the firewall webpage so I have to reboot it the cold way.
> >>>>> Names are taking longer to resolve (if they ever resolve).
> >>>>>
> >>>>> Any idea on this performance drop over the time ?
> >>>>>
> >>>>> Thank you
> >>>>> Dany
> >>>>>
> >>>>>
> >>>>> ---------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>>>>
> >>>> I can't think of any reason off the top of my head as to why you
> >>>> would see this behaviour. My only suggestion would be to try
> >>>> removing everything non-essential such as the AP and switch and try
> >>>> running it for a while with just a single PC connected to it and see
> >>>> if the problem remains. It sounds like you might be overloading the
> >>>> MAC table on your switch, but with a setup that small, that seems
> >>>> unlikely.
> >>>>
> >>> Today I got the problem after a few hours.
> >>> Ping started to give long time and then no ping at all for both lan
> >>> and wan addresses.
> >>> I then disconnected the switch and AP and connected only one PC to
> >>> the firewall using a crossover cable but that didn't solve anything.
> >>>
> >>> Dany
> >>>
> >> In your setup, are you running ipcop and m0n0 on the same hardware?
> >> If not, perhaps you could try replacing one or both NICs. It may be
> >> worthwhile to simply start over with m0n0 by resetting it to
> >> defaults. Configure only your IP addresses and anything else
> >> essential for it to function and then see if you still experience the
> >> same symptoms.
> >>
> > same hardware, to run ipcop I reboot with the HDD connected. For
> > monowall, I just insert the CD and floppy.
> > This afternoon I restarted from scratch. I just use the DHCP server of
> > the monowall box to get my clients internet access (no fancy rules or
> > bandwidth limitation).
> >
> > One thing I do is to give a pre-defined IP address based on the MAC
> > address of each PC (outside the DHCP IP range).
> >
> > Dany
> >
> Dany,
>
> Do you have Traffic Shaper enabled, but no rules created for it?
>
> z