Hi,
We've got OpenBSD running as firewall and router for a 100Mbps connection.
Our internal network is working OK.
However, when someone from outside tries to reach one of our servers,
there is a delay and the initial packets get lost. For example:
$ sleep 20 && ping -c 10 2.4.1.2 ; sleep 1 ; ping -c 10 2.4.1.2
PING 2.4.1.2 (2.4.1.2 ): 56 data bytes
64 bytes from 2.4.1.2 : icmp_seq=4 ttl=53 time=52.920 ms
64 bytes from 2.4.1.2 : icmp_seq=5 ttl=53 time=83.140 ms
64 bytes from 2.4.1.2 : icmp_seq=6 ttl=53 time=56.117 ms
64 bytes from 2.4.1.2 : icmp_seq=7 ttl=53 time=54.808 ms
64 bytes from 2.4.1.2 : icmp_seq=8 ttl=53 time=50.646 ms
64 bytes from 2.4.1.2 : icmp_seq=9 ttl=53 time=54.353 ms
--- 2.4.1.2 ping statistics ---
10 packets transmitted, 6 packets received, 40.0% packet loss
round-trip min/avg/max/std-dev = 50.646/57.989/83.140/9.234 ms
PING 2.4.1.2 (2.4.1.2 ): 56 data bytes
64 bytes from 2.4.1.2 : icmp_seq=0 ttl=53 time=65.971 ms
64 bytes from 2.4.1.2 : icmp_seq=1 ttl=53 time=53.914 ms
64 bytes from 2.4.1.2 : icmp_seq=2 ttl=53 time=54.694 ms
64 bytes from 2.4.1.2 : icmp_seq=3 ttl=53 time=53.558 ms
64 bytes from 2.4.1.2 : icmp_seq=4 ttl=53 time=54.460 ms
64 bytes from 2.4.1.2 : icmp_seq=5 ttl=53 time=55.024 ms
64 bytes from 2.4.1.2 : icmp_seq=6 ttl=53 time=56.371 ms
64 bytes from 2.4.1.2 : icmp_seq=7 ttl=53 time=57.448 ms
64 bytes from 2.4.1.2 : icmp_seq=8 ttl=53 time=58.092 ms
64 bytes from 2.4.1.2 : icmp_seq=9 ttl=53 time=64.586 ms
--- 2.4.1.2 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 53.558/57.411/65.971/4.196 ms
batman:1775:$
Tcpdumping both external and internal interfaces shows all 10 packets
from first ping coming through external interface, but they aren't
forwarded to internal iface.
It is reproducible just by sleeping 20 seconds and pinging. Initial
packet loss is random. I've seen 10% through 50% packet loss.
If we try this same procedure in the firewall itself, there is no packet loss.
dmesg follows:
OpenBSD 4.0-beta (GENERIC.MP) #915: Mon Aug 21 21:35:32 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(TM) CPU 2.80GHz ("GenuineIntel" 686-class) 2.80 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MW
AIT,DS-CPL,CNXT-ID,CX16
real mem = 3220537344 (3145056K)
avail mem = 2944249856 (2875244K)
using 4256 buffers containing 161128448 bytes (157352K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 09/02/04, BIOS32 rev. 0 @
0xffe90, SMBIOS rev. 2.3 @ 0xf9bb0 (87 entries)
bios0: Dell Computer Corporation PowerEdge 1850
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb270/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00)
pcibios0: PCI bus #9 is the last bus
bios0: ROM list: 0xc0000/0xb000! 0xcb000/0x1000 0xcc000/0x3c00
0xd0000/0x2200 0xd2800/0x1000 0xd3800/0x600 0xec000/0x4000!
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4) (DELL PE 016C )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199 MHz
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(TM) CPU 2.80GHz ("GenuineIntel" 686-class) 2.80 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MW
AIT,DS-CPL,CNXT-ID,CX16
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type PCI
mainbus0: bus 4 is type PCI
mainbus0: bus 5 is type PCI
mainbus0: bus 6 is type PCI
mainbus0: bus 7 is type PCI
mainbus0: bus 8 is type PCI
mainbus0: bus 9 is type PCI
mainbus0: bus 10 is type ISA
ioapic0 at mainbus0: apid 8 pa 0xfec00000, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
ioapic1 at mainbus0: apid 9 pa 0xfec80000, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 9
ioapic2 at mainbus0: apid 10 pa 0xfec83000, version 20, 24 pins
ioapic2: misconfigured as apic 0, remapped to apid 10
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7520 MCH" rev 0x09
ppb0 at pci0 dev 2 function 0 "Intel MCH PCIE" rev 0x09
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel IOP332 PCIE-PCIX" rev 0x06
pci2 at ppb1 bus 2
ami0 at pci2 dev 14 function 0 "Dell PERC 4e/Di" rev 0x06: apic 9 int 14 (irq 7)
ami0: Dell 16c, 32b, FW 513O, BIOS vH418, 256MB RAM
ami0: 1 channels, 0 FC loops, 1 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0: <AMI, Host drive #00, > SCSI2 0/direct fixed
sd0: 139760MB, 139760 cyl, 64 head, 32 sec, 512 bytes/sec, 286228480 sec total
scsibus1 at ami0: 16 targets
safte0 at scsibus1 targ 6 lun 0: <PE/PV, 1x2 SCSI BP, 1.0> SCSI2
3/processor fixed
ppb2 at pci1 dev 0 function 2 "Intel IOP332 PCIE-PCIX" rev 0x06
pci3 at ppb2 bus 3
fxp0 at pci3 dev 11 function 0 "Intel 8255x" rev 0x0d, i82550: apic 9
int 5 (irq 3), address 00:0e:0c:60:00:8d
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
ppb3 at pci0 dev 4 function 0 "Intel MCH PCIE" rev 0x09
pci4 at ppb3 bus 4
ppb4 at pci0 dev 5 function 0 "Intel MCH PCIE" rev 0x09
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci6 at ppb5 bus 6
em0 at pci6 dev 7 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05:
apic 10 int 0 (irq 11), address 00:11:43:d2:ec:5a
ppb6 at pci5 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
pci7 at ppb6 bus 7
em1 at pci7 dev 8 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05:
apic 10 int 1 (irq 3), address 00:11:43:d2:ec:5b
ppb7 at pci0 dev 6 function 0 "Intel MCH PCIE" rev 0x09
pci8 at ppb7 bus 8
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic
8 int 16 (irq 11)
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic
8 int 19 (irq 10)
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: apic
8 int 18 (irq 7)
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic
8 int 23 (irq 5)
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb8 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2
pci9 at ppb8 bus 9
"Dell DRAC 4" rev 0x00 at pci9 dev 5 function 0 not configured
"Dell DRAC 4 Virtual UART" rev 0x00 at pci9 dev 5 function 1 not configured
"Dell DRAC 4 SMIC" rev 0x00 at pci9 dev 5 function 2 not configured
pciide0 at pci9 dev 6 function 0 "CMD Technology PCI0680" rev 0x02
pciide0: bus-master DMA support present
pciide0: channel 0 wired to native-PCI mode
pciide0: using apic 8 int 23 (irq 5) for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
sd1 at scsibus2 targ 0 lun 0: <DELL, VSF, 0123> SCSI0 0/direct removable
sd1: drive offline
atapiscsi1 at pciide0 channel 0 drive 1
scsibus3 at atapiscsi1: 2 targets
cd0 at scsibus3 targ 0 lun 0: <DELL, VCD, 0133> SCSI0 5/cdrom removable
sd1(pciide0:0:0): using PIO mode 3
cd0(pciide0:0:1): using PIO mode 3
pciide0: channel 1 wired to native-PCI mode
vga1 at pci9 dev 13 function 0 "ATI Radeon VE QY" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide1 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02:
DMA, channel 0 configured to compatibility, channel 1 configured
to compatibility
atapiscsi2 at pciide1 channel 0 drive 0
scsibus4 at atapiscsi2: 2 targets
cd1 at scsibus4 targ 0 lun 0: <TEAC, CD-224E, K.9A> SCSI0 5/cdrom removable
cd1(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide1: channel 1 disabled (no drives)
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 0 netmask 0 ttymask 0
pctr: user-level cycle counter enabled
uhub4 at uhub3 port 3
uhub4: Dell product 0xa001, rev 2.00/0.00, addr 2
uhub4: 2 ports with 2 removable, self powered, multiple transaction translators
uhidev0 at uhub0 port 1 configuration 1 interface 0
uhidev0: Dell DRAC4, rev 1.10/0.00, addr 2, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub0 port 1 configuration 1 interface 1
uhidev1: Dell DRAC4, rev 1.10/0.00, addr 2, iclass 3/1
ums0 at uhidev1
ums0: X report 0x0002 not supported
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02
carp: pfsync0 demoted group carp to 2
em0: watchdog timeout -- resetting
carp: carp0 demoted group carp to 2
carp: carp0 demoted group carp to 1
em1: watchdog timeout -- resetting
carp: carp1 demoted group carp to 2
carp: carp1 demoted group carp to 1
carp: pfsync0 demoted group carp to 0
Any help is appreciated.
Thanks,
--
Fernando M. Braga
