slow pings after enabling ipfw+dummynet?
ANE
ane8610 at yahoo.com
Tue May 23 11:36:36 PDT 2006
After enabling ipfw+dummynet, ping times, even to 127.0.0.1,
increase from avg .025ms to 2500ms. Local pings occasionally drop
packets with "No buffer space available". I set
kern.ipc.maxsockbuf=8388608 which alleviates the frequency of buffer
errors somewhat, but the huge ping times and pauses/timeouts
accessing the machine via the network (SSH, sending/receiving email)
still occur.
If ipfw is disabled, everything returns to normal. (very low ms,
quick access via the network)
Any ideas why this is happening?
Config:
FreeBSD 4.10 with Intel NIC (fxp0)
manually set full-duplex on both server & router
/usr/src/sys/i386/conf/DNET (kernel config file)
options IPFIREWALL # allow firewall construction
options IPFIREWALL_VERBOSE # logging
options DUMMYNET # traffic shaping
options IPFIREWALL_DEFAULT_TO_ACCEPT # not using packet filtering
just traffic shaping
options HZ=1000 # recommended in dummynet man page
/etc/rc.conf
# ref:
http://www.onlamp.com/pub/a/bsd/2001/07/26/Big_Scary_Daemons.html?page=2
# ref: http://www.muine.org/~hoang/freenat.html
firewall_enable="YES"
firewall_script="/etc/rc.dummynet"
firewall_type="open"
firewall_logging="YES"
/etc/rc.dummynet
# Flush any old rules laying around
ipfw -f flush
# Allow everything in and out
ipfw add 1000 pipe 1 ip from any to any
# Limit to 512Kbit/s
ipfw pipe 1 config bw 512Kbit/s
Make buffer size 8MB instead of 256K to lessen "no buffer space
available" ping failures:
>sysctl -w kern.ipc.maxsockbuf=8388608
Do I have something configured wrong in /etc/rc.dummynet?
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the freebsd-ipfw
mailing list