FreeBSD 6.4+ PF Binat => Degraded traffic after few hours.
I have 2 servers running FreeBSD 6.4P#1 with standard SMP and each server has multiple IP aliases bound to the bge1, Dell R200.

# ifconfig -a
bge0: flags=8802 mtu 1500
        options=1b
        ether 00:19:b9:fa:0a:9f
        media: Ethernet autoselect (none)
        status: no carrier
bge1: flags=8843 mtu 1500
        options=1b
        inet x.x.72.23 netmask 0xff00 broadcast x.x.72.255
        inet x.x.72.73 netmask 0xff00 broadcast x.x.72.255
        inet x.x.72.74 netmask 0xff00 broadcast x.x.72.255
        inet x.x.72.75 netmask 0xff00 broadcast x.x.72.255
        inet x.x.72.76 netmask 0xff00 broadcast x.x.72.255
        inet x.x.72.77 netmask 0xff00 broadcast x.x.72.255
        ether 00:19:b9:fa:0a:a0
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff00
pflog0: flags=141 mtu 33208
tun0: flags=8051 mtu 1500
        inet 10.10.10.1 --> 255.255.0.0 netmask 0x
        Opened by PID 1224

x.x.72.23 is the main IP and the rest are aliases. Tun0 is the address created by openvpn. Following are the pf rules.
EXT_IF= "bge1"
INT_IF= "tun0"

# Configured Networks
EXT= "x.x.72.0/24"
INT= "10.10.0.0/16"
DMZ= "10.10.12.0/24"
FW= "x.x.72.23"

# DMZ Servers IP Addresses
user1="10.10.12.2"
user2="10.10.12.6"
user3="10.10.12.10"
user4="10.10.12.14"
user5="10.10.12.18"

#External IP Pool Mapping
WEB_EXT1= "x.x.72.73"
WEB_EXT2= "x.x.72.74"
WEB_EXT3= "x.x.72.75"
WEB_EXT4= "x.x.72.76"
WEB_EXT5= "x.x.72.77"

#
# NAT: Bi-directional NAT (one-to-one mapping)
binat on $EXT_IF inet from $user1 to any -> $WEB_EXT1
binat on $INT_IF inet from $user1 to any -> $WEB_EXT1
binat on $EXT_IF inet from $user2 to any -> $WEB_EXT2
binat on $INT_IF inet from $user2 to any -> $WEB_EXT2
binat on $EXT_IF inet from $user3 to any -> $WEB_EXT3
binat on $INT_IF inet from $user3 to any -> $WEB_EXT3
binat on $EXT_IF inet from $user4 to any -> $WEB_EXT4
binat on $INT_IF inet from $user4 to any -> $WEB_EXT4
binat on $EXT_IF inet from $user5 to any -> $WEB_EXT5
binat on $INT_IF inet from $user5 to any -> $WEB_EXT5

rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT1 port 1024:65000 -> $user1
rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT2 port 1024:65000 -> $user2
rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT3 port 1024:65000 -> $user3
rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT4 port 1024:65000 -> $user4
rdr pass on $EXT_IF proto {tcp, udp} from any to $WEB_EXT5 port 1024:65000 -> $user5

pass all
pass out on $EXT_IF proto {tcp,udp,icmp} from any to any keep state
---

It's a very simple pf.rules with no block rules. The main purpose is to map each VPN user to a dedicated public IP. It was working great the last few months but lately it has been giving terrible performance after a few hours of running the servers. SSH is not accessible, and traffic and routing are very slow. Is there anything wrong with the above configuration or the 6.4 kernel with regards to PF and OpenVPN?
The servers do not have any custom settings in sysctl.conf, loader.conf or rc.conf except enabling openvpn, firewall and sshd. Restarting sshd, or rebooting the server, will provide remote access again. Is there any known memory leak for pf in this configuration? Is there a better and more efficient way of doing this in PF, or is it better to use ipfw?

When this happens (no ssh), all pings to the alias IPs result in timeouts. Only the main IP will respond. Server RAM is 1GB and during this issue, top shows

--- top
last pid: 4163; load averages: 0.36, 0.29, 0.21 up 0+21:10:26 11:11:58
21 processes: 1 running, 20 sleeping
CPU: 2.3% user, 0.0% nice, 6.0% system, 3.9% interrupt, 87.8% idle
Mem: 15M Active, 233M Inact, 241M Wired, 76K Cache, 111M Buf, 503M Free
Swap: 1951M Total, 1951M Free
--

Anyone? TIA.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Panic String: kmem_malloc(4096): kmem_map too small: 335544320 total allocated
I have 5 servers running almost at 70mbit/sec and each one of them will crash/reboot after more than 24 hours. The most it can stay up is 48 hours. How do I increase this memory from the default 320MB?

This is the log after the crash.

Dump header from device /dev/ad4s1b
  Architecture: i386
  Architecture Version: 2
  Dump Length: 2145722368B (2046 MB)
  Blocksize: 512
  Dumptime: Mon May 8 11:28:55 2008
  Hostname: XXX
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 6.3-RELEASE #0: Wed Jan 16 04:45:45 UTC 2008
    [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SMP
  Panic String: kmem_malloc(4096): kmem_map too small: 335544320 total allocated
  Dump Parity: 1828182091
  Bounds: 0
  Dump Status: good

Is there any option in version 6.3 to increase this?

My filesystem, df -h:

Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad4s1a    496M     39M    418M     8%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/ad4s1e    496M    228K    456M     0%    /tmp
/dev/ad4s1f    218G    1.3G    199G     1%    /usr
/dev/ad4s1d    2.9G    258M    2.4G     9%    /var

And fstab:

# Device        Mountpoint  FStype  Options    Dump  Pass#
/dev/ad4s1b     none        swap    sw         0     0
/dev/ad4s1a     /           ufs     rw         1     1
/dev/ad4s1e     /tmp        ufs     rw         2     2
/dev/ad4s1f     /usr        ufs     rw         2     2
/dev/ad4s1d     /var        ufs     rw         2     2
/dev/cd0        /cdrom      cd9660  ro,noauto  0     0

TIA
FIFO overflow error
I've been getting a lot of this error on one of my FreeBSD 6.2 boxes. I have 5 other servers running the same configurations as this one and none of them is giving me the error. The only difference between this and the other servers is AMD on this one and Intel on the rest.

The repeated errors given were:

vr0: receive error (0406) overflow
vr0: rx error (09): FIFO overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0407) overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0407) overflow
vr0: receive error (0404) overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0404) overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0404) overflow
vr0: rx error (09): FIFO overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0407) overflow
vr0: rx error (09): FIFO overflow
vr0: receive error (0407) overflow
vr0: receive error (0404) overflow
vr0: rx error (09): FIFO overflow
vr0: watchdog timeout
vr0: rx error (09): FIFO overflow
vr0: receive error (1405) overflow
vr0: rx shutdown error!
vr0: restarting ..

Netstat -m does not show any memory issues.
$ netstat -m
8512/8918/17430 mbufs in use (current/cache/total)
6992/6630/13622/65536 mbuf clusters in use (current/cache/total/max)
6928/6512 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
16112K/15489K/31601K bytes allocated to network (current/cache/total)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
0/7/4608 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
1 calls to protocol drain routines

Ifconfig shows

vr0: flags=8843 mtu 1500
        inet 66.90.101.146 netmask 0xff00 broadcast 66.90.101.255
        ether 00:17:31:78:e0:f8
        media: Ethernet autoselect (100baseTX )
        status: active

My loader.conf:

kern.maxusers=256
kern.maxproc=32768
kern.ipc.nmbclusters=65536
kern.ipc.maxsockets=32768

sysctl.conf

kern.maxprocperuid=32768
kern.ipc.somaxconn=32768
kern.ipc.maxsockbuf=16777216
net.inet.ip.portrange.first=3
net.inet.ip.portrange.hifirst=3
net.inet.ip.rtexpire= 1200
net.inet.ip.intr_queue_maxlen=1024
net.inet.tcp.rfc1323=1
net.inet.tcp.mssdflt=1460
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
net.inet.tcp.keepidle=72000
net.inet.tcp.keepintvl=1800
net.inet.icmp.icmplim=300
net.inet.tcp.delayed_ack=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

This server is acting as a socks5 proxy server connecting to 40-80 users, which will connect to more than 8000-11000 peers. All other servers can push close to 85mbit/sec but this one can only go to a max of 25mbit.

Anyone? Is this a configuration or hardware problem?
Thanks
RE: Cannot su or have root access after changing loader.conf
Loader.conf with the following statements disables all su or root access:

kern.dfldsiz="1G"
kern.maxdsiz="1G"
kern.maxssiz=131072

When I add the above 3 lines, all access to su or even single user boot is restricted without any error messages. Is this a bug, or is "1G" not supported for maximum data size? My server is a 2GB RAM E6600 with 400GB HDD. What are the valid values for these lines?

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, June 11, 2007 8:00 PM
To: freebsd-questions@freebsd.org
Subject: freebsd-questions Digest, Vol 182, Issue 2

Today's Topics:

 1. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Doug Hardie)
 2. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Bjorn Boulder)
 3. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Bjorn Boulder)
 4. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Toomas Aas)
 5. tcp port error (tethys ocean)
 6. Installing FreeBSD on large disk >2TB (Enrique Ayesta Perojo)
 7. Re: Installing FreeBSD on large disk >2TB (Andreas Rudisch)
 8. Re: [FreeBSD][Newb] How I use sendmail to send mail? (Bjorn Boulder)
 9. procmailrc configuration fails (dhaneshk k)
10. Re: Installing FreeBSD on large disk >2TB (Enrique Ayesta Perojo)

------------------------------

Message: 1
Date: Sun, 10 Jun 2007 21:45:48 -0700
From: Doug Hardie <[EMAIL PROTECTED]>
Subject: Re: [FreeBSD][Newb] How I use sendmail to send mail?
To: Bjorn Boulder <[EMAIL PROTECTED]>
Cc: freebsd-questions@freebsd.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed

On Jun 10, 2007, at 21:25, Bjorn Boulder wrote:

> Doug, Mats
>
> Your advice is on the money; thanks.
>
> I see this:
>
> Jun 10 05:43:40 jake sendmail[15068]: l5AAhekD015068:
> [EMAIL PROTECTED], ctladdr=oracle
> (1004/1005),
> delay=00:00:00, xdelay=00:00:00, mailer=relay,
> pri=30062,
> relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0,
> stat=Deferred: Connection
> refused by [127.0.0.1]
>
> Your tip along with that given by Mats suggests that
> I need to learn about /etc/mail/sendmail.cf
>
> It appears that the box cannot send mail to itself:
>
> Jun 10 03:05:44 jake sendmail[14546]: l5A84ObZ014546:
> to=postmaster,
> delay=00:00:00, xdelay=00:00:00, mailer=relay,
> pri=154501,
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred:
> Connection refused by
> [127.0.0.1]
>
> Jun 10 03:05:44 jake sendmail[14546]: l5485I55093939:
> to=root,
> ctladdr=root (0/0), delay=6+00:00:26, xdelay=00:00:00,
> mailer=relay,
> pri=691450, relay=[127.0.0.1], dsn=4.0.0,
> stat=Deferred: Connection
> refused by [127.0.0.1]
>
> Jun 10 03:05:44 jake sendmail[14546]: l5485I55093939:
> l5A84Oba014546:
> sender notify: Cannot send message for 5 days
>
> Jun 10 03:05:44 jake sendmail[14546]: l5A84Oba014546:
> to=root,
> delay=00:00:00, xdelay=00:00:00, mailer=relay,
> pri=152806,
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred:
> Connection refused by
> [127.0.0.1]
>
> Currently, my main assumption is that
> /etc/mail/sendmail.cf
> is the primary administrative interface for e-mail.

That is correct, but you don't want to directly mess with sendmail.cf. You really want to use the mc file and then make to build the cf file. It's much easier and more readable. See /usr/share/sendmail/cf/readme for more details. The cf files are in another directory from there named cf.
You will also want to use sendmail -bv email-address to have sendmail show you how and where it will deliver for the address: email-address. That is a useful tool.

------------------------------

Message: 2
Date: Sun, 10 Jun 2007 22:02:13 -0700 (PDT)
From: Bjorn Boulder <[EMAIL PROTECTED]>
Subject: Re: [FreeBSD][Newb] How I use sendmail to send mail?
To: Doug Hardie <[EMAIL PROTECTED]>
Cc: freebsd-questions@freebsd.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1

ok, I'll look at that readme.

And I nosed around on the box for clues about sendmail.cf

It looks like the previous sysadmin ignored sendmail.cf

I see this:

bash jake oracle /etc/mail 14 $ pwd
/etc/mail
bash jake oracle /etc/mail 15 $
bash jake oracle /etc/mail 15 $
bash jake oracle /etc/mail 15 $ ls -latr
total 582
-rw-r--r-- 1 root wheel 569 Nov 4 2004 virtusertable.sample
-r--r--r-- 1 root wheel 40449 Nov 4 2004 submit.cf
-rw-r--r--