Only one concurrent connection in jail possible (5.4)

[service_ist at abwesend.de]

Hi,

I've setup a server with 16 jails using 5.4. Right after bringing it up I
wondered about its bad performance.

CPU load does not increase 30% - and these are pikes when I'm running
Spamassassin. The usual sytem load is 0.00

The problem must be something different. When I installed squid, I noticed
the client take hours to get a webpage. At first, I thougt this might be a
DNS-problem and defined an address for outgoing UDP-connections in squid.
But this didn't help.

For testing, I installed tinyproxy - same problem! I realized, that I
couldn't make any input via the ssh-Connection as long as the client tried
to get a page via the proxy.

It seems as if the jail handels only one concurrent network connection.
Getting a webpage via proxy takes up to 30 or more seconds, the log shows
each file being fetched seperatly with up to 1 second delay between - just
as long as it takes to download one of the files using wget. Usually, the
proxy fetches the files in parallel.

The ssh-connection I'm logged in with stays up - but nothing is transmitted:
The connection freezes and is available again as soon as the proxy-transfer
is completed.

Transfer with other ssh-connections to other jails on that machine or the
host system aren't affected at this time: One can use the ssh-connection
without interference. But I think that they (the jails) are affected by the
same problem when one of their processes opens a network connection - this
would explain the bad performance of the services run in the other jails
(postfix and mailman for example).

The host does not run a paketfilter, DNS resolution in the jails is working.


I'd appreciate help very much since I don't have any idea what this might
come from.

Peter 

-- 
10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail
+++ GMX - die erste Adresse für Mail, Message, More +++