It's getting worse.
Session 2 gave me a "bad nat 4" and during session 3 the PC has rebooted by
itself!!!
See the details below as well as dmesg.
Session 2 :
I was able to download about 700MB without any problem using a direct connection
(crossover) from the PC to the firewall.
Then I decided (without rebooting) to get back to the switch. I did it and
requested a new IP address and within a minute I got my slow down.
At this time I was able to get the following trace.
The interesting one is "bad nat 4". What does that mean ?
Is this because I've added the switch ?
********************************************
$ ipnat -s
mapped in 336721 out 234261
added 1350 expired 1229
no memory 0 bad nat 4
inuse 121
rules 3
wilds 0
*********************************************
$ ipfstat -s
IP states added:
1493 TCP
364 UDP
244 ICMP
2291511 hits
13102 misses
0 maximum
0 no memory
142 bkts in use
149 active
534 expired
1418 closed
Session 3 :
For this round I used :
PC -> Switch -> Firewall -> Cable modem
I've been able to download 700MB without problem (at 380KBps average) then I
started a second download session. I then refreshed ipfstat and ipnat as often
as I could. The last one can be found below.
This time, I didn't get any slower pings but instead I received a HARD RESET !!!
That's the first one I see for the past 2 years on this machine (when running
IPcop).
Something is definitely wrong. Any idea ?
PS : I ran MemTest86 overnight (11 times during 7 hours)... not a single error.
$ ipfstat -s
IP states added:
1268 TCP
225 UDP
215 ICMP
4516758 hits
12162 misses
0 maximum
0 no memory
32 bkts in use
32 active
439 expired
1237 closed
$ ipnat -s
mapped in 694645 out 427910
added 466 expired 445
no memory 0 bad nat 0
inuse 21
rules 3
wilds 0
$ dmesg
Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.9-RELEASE-p1 #0: Sat Jan 17 11:54:57 CET 2004
root at nb dot neon1 dot net:/usr/src/sys/compile/M0N0WALL_GENERIC
Timecounter "i8254" frequency 1193182 Hz
CPU: Pentium/P55C (166.40-MHz 586-class CPU)
Origin = "GenuineIntel" Id = 0x544 Stepping = 4
Features=0x8001bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8,MMX>
real memory = 167772160 (163840K bytes)
avail memory = 148492288 (145012K bytes)
Preloaded elf kernel "kernel" at 0xc0e0e000.
Preloaded mfs_root "/mfsroot" at 0xc0e0e09c.
Intel Pentium detected, installing workaround for F00F bug
md0: Preloaded image </mfsroot> 10485760 bytes at 0xc040cd90
md1: Malloc disk
Using $PIR table, 5 entries at 0xc00f1cc0
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
rl0: <RealTek 8139 10/100BaseTX> port 0x1000-0x10ff mem 0x44000000-0x440000ff
irq 11 at device 2.0 on pci0
rl0: Ethernet address: 00:48:54:5e:52:83
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl1: <RealTek 8139 10/100BaseTX> port 0x1400-0x14ff mem 0x44100000-0x441000ff
irq 11 at device 4.0 on pci0
rl1: Ethernet address: 00:48:54:5e:53:14
miibus1: <MII bus> on rl1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
isab0: <VIA 82C586 PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C586 ATA33 controller> port 0x1c00-0x1c0f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <VIA 83C572 USB controller> port 0x1c20-0x1c3f irq 11 at device 7.2 on pci0
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: <unknown card> (vendor=0x1106, dev=0x3040) at 7.3
pci0: <S3 Trio 64V2/DX/GX graphics accelerator> at 15.0 irq 11
orm0: <Option ROMs> at iomem 0xc0000-0xc7fff,0xe7000-0xeffff on isa0
pmtimer0 on isa0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <aT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1: configured irq 3 not in bitmap of probed irqs 0
RTC BIOS diagnostic error 2
BRIDGE 020214 loaded
IPsec: Initialized Security Association Processing.
IP Filter: v3.4.31 initialized. Default = block all, Logging = enabled
acd0: CD-RW <SAMSUNG CD-R/RW SW-232B> at ata0-master PIO4
Mounting root from ufs:/dev/md0c
Quoting dany underscore list at natzo dot com:
> Here the result of my first session (switch + AP).
>
> In order to see the problem, I've downloaded a big iso image. Unfortunately I
> don't have ipfstat and ipnat close enough to the event.
>
> No traffic shaper, no NAT, no Pipe.... only one rule for LAN (the default one)
> * LAN net * * * Default LAN -> any
>
> Basically after reboot :
>
> $ ipfstat -s
> IP states added:
> 2 TCP
> 6 UDP
> 4 ICMP
> 62 hits
> 29 misses
> 0 maximum
> 0 no memory
> 6 bkts in use
> 6 active
> 6 expired
> 0 closed
>
> $ ipnat -s
> mapped in 3 out 3
> added 3 expired 0
> no memory 0 bad nat 0
> inuse 3
> rules 3
> wilds 0
>
>
>
>
> Some time after :
>
> $ ipfstat -s
> IP states added:
> 581 TCP
> 122 UDP
> 64 ICMP
> 212164 hits
> 10541 misses
> 0 maximum
> 0 no memory
> 207 bkts in use
> 207 active
> 183 expired
> 377 closed
>
> $ ipnat -s
> mapped in 31915 out 18800
> added 270 expired 118
> no memory 0 bad nat 0
> inuse 152
> rules 3
> wilds 0
>
>
> I'm working on a second session where I only have 1 PC connected to the
> firewall through a crossover cable.
>
> I'll post my results later on.
>
> Dany
>
>
> Quoting zealot <zealot at tradersguild dot net>:
>
> > Dany wrote:
> >
> > > Fred Weston wrote:
> > >
> > >> Dany wrote:
> > >>
> > >>> Fred Weston wrote:
> > >>>
> > >>>> Dany wrote:
> > >>>>
> > >>>>> Hello,
> > >>>>>
> > >>>>> I wanted to see if m0n0wall could replace my ipcop box which has
> > >>>>> been running for few years now.
> > >>>>> Hardware is an old Compaq Pentium 200MHz with 200MB of memory and
> > >>>>> two realtek NIC, a small switch and a SMC-2655W 802.11b AP.
> > >>>>>
> > >>>>> I used the following CD image (fairly new!) :
> > >>>>> cdrom-pb25r595.iso
> > >>>>> Version: Public Beta Release 25, Build #595
> > >>>>> Release date: 01/17/2004
> > >>>>>
> > >>>>> Everything works fine, I really like it.
> > >>>>> Just after installing it if I ping the firewall from a station I
> > >>>>> get "<10ms" but after let's say 20 minutes (random in fact) it goes
> > >>>>> to 80-100ms. This morning it was over 900ms. In some cases I can't
> > >>>>> even get the firewall webpage so I have to reboot it the cold way.
> > >>>>> Names are taking longer to resolve (if they ever resolve).
> > >>>>>
> > >>>>> Any idea on this performance drop over the time ?
> > >>>>>
> > >>>>> Thank you
> > >>>>> Dany
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> ---------------------------------------------------------------------
> > >>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > >>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>> I can't think of any reason off the top of my head as to why you
> > >>>> would see this behaviour. My only suggestion would be to try
> > >>>> removing everything non-essential such as the AP and switch and try
> > >>>> running it for a while with just a single PC connected to it and see
> > >>>> if the problem remains. It sounds like you might be overloading the
> > >>>> MAC table on your switch, but with a setup that small, that seems
> > >>>> unlikely.
> > >>>>
> > >>> Today I got the problem after few hours.
> > >>> Ping started to give long time and then no ping at all for both lan
> > >>> and wan addresses.
> > >>> I then disconnected the switch and AP and connected only one PC to
> > >>> the firewall using a crossover cable but that didn't solve anything.
> > >>>
> > >>> Dany
> > >>>
> > >>>
> > >> In your setup, are you running ipcop and m0n0 on the same hardware?
> > >> If not, perhaps you could try replacing one or both NICs. It may be
> > >> worthwhile to simply start over with m0n0 by resetting it to
> > >> defaults. Configure only your IP addresses and anything else
> > >> essential for it to function and then see if you still experience the
> > >> same symptoms.
> > >>
> > > same hardware, to run ipcop I reboot with the HDD connected. For
> > > monowall, i just insert the CD and floppy.
> > > This afternoon I restarted from scratch. I just use the DHCP server of
> > > the monowall box to get my clients internet access (no fancy rules or
> > > bandwidth limitation).
> > >
> > > One thing I do is to give a pre-defined IP address based on the MAC
> > > address of each PC (outside the DHCP IP range).
> > >
> > > Dany
> > >
> >
> >
> > Dany,
> >
> > Do you have Traffic Shaper enabled, but no rules created for it?
> >
> > z
> >
> >
>