Re: [pfSense Support] packet loss question
On Fri, Mar 20, 2009 at 4:50 AM, Mikel Jimenez Fernandez wrote: > If I check, or dont chek, bad cksum in tcpdump always appear. > > I have to reboot ? You are chasing up the wrong tree. Bad checksums are normal when using checksum offloading, tcpdump shows the packet before the card has calculated the checksum. Disabling this feature will move the checksumming to your cpu and lower throughput. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] packet loss question
If I check, or dont chek, bad cksum in tcpdump always appear. I have to reboot ? Bill Marquette wrote: On Thu, Mar 19, 2009 at 6:27 PM, Mikel Jimenez Fernandez wrote: I have checked to disable it... Why? --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] packet loss question
On Thu, Mar 19, 2009 at 6:27 PM, Mikel Jimenez Fernandez wrote: > I have checked to disable it... Why? --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] packet loss question
I have checked to disable it... Chris Buechler wrote: On Thu, Mar 19, 2009 at 7:17 PM, Mikel Jimenez Fernandez wrote: Oh yeah!! thanks Is this normal? yes. google checksum offloading. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] packet loss question
On Thu, Mar 19, 2009 at 7:17 PM, Mikel Jimenez Fernandez wrote: > Oh yeah!! thanks > > Is this normal? > yes. google checksum offloading. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] packet loss question
Oh yeah!! thanks Is this normal? This a tcpdump output on LAN interface, pinging from other host of the LAN to this interface. 00:16:22.877965 IP (tos 0x0, ttl 64, id 27505, offset 0, flags [DF], proto ICMP (1), length 84, bad cksum 0 (->babc)!) 10.10.0.99 > 10.10.0.5: ICMP echo reply, id 50985, seq 2988, length 64 00:16:22.878111 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.10.0.5 > 10.10.0.99: ICMP echo request, id 50985, seq 2989, length 64 00:16:22.878119 IP (tos 0x0, ttl 64, id 62585, offset 0, flags [DF], proto ICMP (1), length 84, bad cksum 0 (->31b4)!) 10.10.0.99 > 10.10.0.5: ICMP echo reply, id 50985, seq 2989, length 64 00:16:22.878268 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 10.10.0.5 > 10.10.0.99: ICMP echo request, id 50985, seq 2990, length 64 bad cksum... and in tcp conections to... Is this alarmant? 90 % packets bad cksum... Bill Marquette wrote: On Thu, Mar 19, 2009 at 6:09 PM, Mikel Jimenez Fernandez wrote: mm OK I think that I understna sysctl value what mean.. backup:~# ping -f 10.10.0.98 -c 500 PING 10.10.0.98 (10.10.0.98) 56(84) bytes of data. . --- 10.10.0.98 ping statistics --- 500 packets transmitted, 499 received, 0% packet loss, time 160ms rtt min/avg/max/mdev = 0.269/0.296/3.321/0.140 ms, ipg/ewma 0.322/0.282 ms backup:~# ping -f 10.10.0.98 -c 600 PING 10.10.0.98 (10.10.0.98) 56(84) bytes of data. . --- 10.10.0.98 ping statistics --- 600 packets transmitted, 499 received, 16% packet loss, time 1391ms rtt min/avg/max/mdev = 0.227/0.302/2.523/0.104 ms, ipg/ewma 2.323/0.288 ms What exactly mean icmp limit value? It means that the firewall will start dropping ICMP from a host that's spamming the crap out of it like you are. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] packet loss question
On Thu, Mar 19, 2009 at 6:09 PM, Mikel Jimenez Fernandez wrote: > mm OK > > I think that I understna sysctl value what mean.. > > backup:~# ping -f 10.10.0.98 -c 500 > PING 10.10.0.98 (10.10.0.98) 56(84) bytes of data. > . > --- 10.10.0.98 ping statistics --- > 500 packets transmitted, 499 received, 0% packet loss, time 160ms > rtt min/avg/max/mdev = 0.269/0.296/3.321/0.140 ms, ipg/ewma 0.322/0.282 ms > > backup:~# ping -f 10.10.0.98 -c 600 > PING 10.10.0.98 (10.10.0.98) 56(84) bytes of data. > . > --- 10.10.0.98 ping statistics --- > 600 packets transmitted, 499 received, 16% packet loss, time 1391ms > rtt min/avg/max/mdev = 0.227/0.302/2.523/0.104 ms, ipg/ewma 2.323/0.288 ms > > > What exactly mean icmp limit value? It means that the firewall will start dropping ICMP from a host that's spamming the crap out of it like you are. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] packet loss question
mm OK I think that I understna sysctl value what mean.. backup:~# ping -f 10.10.0.98 -c 500 PING 10.10.0.98 (10.10.0.98) 56(84) bytes of data. . --- 10.10.0.98 ping statistics --- 500 packets transmitted, 499 received, 0% packet loss, time 160ms rtt min/avg/max/mdev = 0.269/0.296/3.321/0.140 ms, ipg/ewma 0.322/0.282 ms backup:~# ping -f 10.10.0.98 -c 600 PING 10.10.0.98 (10.10.0.98) 56(84) bytes of data. . --- 10.10.0.98 ping statistics --- 600 packets transmitted, 499 received, 16% packet loss, time 1391ms rtt min/avg/max/mdev = 0.227/0.302/2.523/0.104 ms, ipg/ewma 2.323/0.288 ms What exactly mean icmp limit value? Mikel Jimenez Fernandez wrote: Hi [r...@gw ~]# sysctl -a | grep icmp | grep lim net.inet.icmp.icmplim: 500 net.inet.icmp.icmplim_output: 1 net.inet6.icmp6.errppslimit: 100 Is Okay? I dont undertand why this loss packet, other linux hosts in the lan 0.0 % packet loss... Scott Ullrich wrote: On Thu, Mar 19, 2009 at 6:09 PM, Mikel Jimenez Fernandez wrote: Hello I have a firewall with 2 interfaces. WAN and AN and CARP LAN = 10.10.0.99 CARP=10.10.0.100 Is this normal from lan host? backup:~# ping -f 10.10.0.99 PING 10.10.0.99 (10.10.0.99) 56(84) bytes of data. --- 10.10.0.99 ping statistics --- 1118 packets transmitted, 998 received, 10% packet loss, time 1621ms rtt min/avg/max/mdev = 0.090/0.145/0.721/0.038 ms, ipg/ewma 1.452/0.150 ms backup:~# ping -f 10.10.0.100 PING 10.10.0.100 (10.10.0.100) 56(84) bytes of data. . --- 10.10.0.100 ping statistics --- 1658 packets transmitted, 1497 received, 9% packet loss, time 2207ms rtt min/avg/max/mdev = 0.090/0.147/0.778/0.051 ms, ipg/ewma 1.332/0.151 ms Why are you doing such a thing? Sure icmp limiting would step on this? $ sysctl -a | grep icmp | grep lim net.inet.icmp.icmplim: 200 Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] packet loss question
Hi [r...@gw ~]# sysctl -a | grep icmp | grep lim net.inet.icmp.icmplim: 500 net.inet.icmp.icmplim_output: 1 net.inet6.icmp6.errppslimit: 100 Is Okay? I dont undertand why this loss packet, other linux hosts in the lan 0.0 % packet loss... Scott Ullrich wrote: On Thu, Mar 19, 2009 at 6:09 PM, Mikel Jimenez Fernandez wrote: Hello I have a firewall with 2 interfaces. WAN and AN and CARP LAN = 10.10.0.99 CARP=10.10.0.100 Is this normal from lan host? backup:~# ping -f 10.10.0.99 PING 10.10.0.99 (10.10.0.99) 56(84) bytes of data. --- 10.10.0.99 ping statistics --- 1118 packets transmitted, 998 received, 10% packet loss, time 1621ms rtt min/avg/max/mdev = 0.090/0.145/0.721/0.038 ms, ipg/ewma 1.452/0.150 ms backup:~# ping -f 10.10.0.100 PING 10.10.0.100 (10.10.0.100) 56(84) bytes of data. . --- 10.10.0.100 ping statistics --- 1658 packets transmitted, 1497 received, 9% packet loss, time 2207ms rtt min/avg/max/mdev = 0.090/0.147/0.778/0.051 ms, ipg/ewma 1.332/0.151 ms Why are you doing such a thing? Sure icmp limiting would step on this? $ sysctl -a | grep icmp | grep lim net.inet.icmp.icmplim: 200 Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] packet loss question
On Thu, Mar 19, 2009 at 6:09 PM, Mikel Jimenez Fernandez wrote: > Hello > > I have a firewall with 2 interfaces. WAN and AN and CARP > > LAN = 10.10.0.99 > CARP=10.10.0.100 > > Is this normal from lan host? > > > backup:~# ping -f 10.10.0.99 > PING 10.10.0.99 (10.10.0.99) 56(84) bytes of data. > > --- 10.10.0.99 ping statistics --- > 1118 packets transmitted, 998 received, 10% packet loss, time 1621ms > rtt min/avg/max/mdev = 0.090/0.145/0.721/0.038 ms, ipg/ewma 1.452/0.150 ms > backup:~# ping -f 10.10.0.100 > PING 10.10.0.100 (10.10.0.100) 56(84) bytes of data. > . > --- 10.10.0.100 ping statistics --- > 1658 packets transmitted, 1497 received, 9% packet loss, time 2207ms > rtt min/avg/max/mdev = 0.090/0.147/0.778/0.051 ms, ipg/ewma 1.332/0.151 ms Why are you doing such a thing? Sure icmp limiting would step on this? $ sysctl -a | grep icmp | grep lim net.inet.icmp.icmplim: 200 Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org