netra t1 as a firewall
Pyun YongHyeon
yongari at kt-is.co.kr
Tue Dec 21 00:07:08 PST 2004
On Tue, Dec 21, 2004 at 05:27:34PM +1100, Andrew Thomson wrote:
> All,
>
> This may be kind of a loose comment but I thought I'd float it as most
> of my experience is with i386 freebsd not sparc.
>
> Basically at a site I have installed a Netra T1 as a firewall - worked
> out well as it had a lot of nics in it, hme[0-5].
>
> I originally installed 5.2.1 on it but soon discovered that the hme
> driver in 5.2.1 didn't allocate different mac addresses! Upgraded to 5.3
> and that problem disappeared.
>
> This firewall runs a simple office network providing internet access and
> has a couple of IPSEC VPNs to other sites.
>
> After the initial install, the network seemed to be "hanging" when
> running simple commands on remote boxes, top, ls -al etc.. The MTU was
> changed was to 1492 which seemed to resolve the problem.
>
> However now when we try to transfer files across the VPN, the transfers
> just stall. If the mtu is changed back to 1500, the transfers across the
> VPN work but then the network hang returns until the mtu is dropped to
> 1492 again - it's pretty weird.
>
> Basically I just thought I'd float the problem here just to make sure
> I'm not running into any known sparc related issues..
>
> My /var/log/messages is filled with these...
>
> hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max
> 1506)
> hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max
> 1506)
> hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max
> 1506)
> hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max
> 1506)
>
ether type 0x800 -> IP protocol
m->m_flags 0x03 -> M_EXT | M_PKTHDR
So I guess you have link negotiation problem. Check netstat(1) for
collision counter. If you see high number of collision counter, try
to force negotation media type/option with ifconfig(8)
> Any thoughts appreciated.
>
> Regards,
>
> ajt.
>
>
> --
> Andrew Thomson <andrewjt at applecomm.net>
>
--
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari | yongari at freebsd.org
More information about the freebsd-sparc64
mailing list