Hi, I think I've triggered a bug in the ipchains/iptables part of the kernel. Here is the story : The server was a 866MHz PIII with 384 MByte of RAM running RH7.1 with a 2.4.5-ac21 kernel. It was used as a router/firewall with 2 netcards (not sure which type, but I don't think that's important). Using this machine as a plain router was no problem at all, and serving a class C net onto a 3 MBit line was a just a walk in the park, the machine was idle for most of the time. Then we decided to set up transparent proxy and used a pretty standard setup redirecting all port 80 accesses with ipchains to squid. Things worked fine for a while (about 2 hrs) until we noticed that the machine got extremly unresponsive on the console. A 'top' session showed us that the machine was almost a 100% in system time. If we disconnected the some of the segments on the C net, system time went down a bit. We rebooted the machine and noticed that the system time started at zero and went slowly upwards until it reached 100 (after about 2hrs) and we just needed to reboot again. We just disabled the ipchains stuff, and now the server is rock solid with a 'normal' proxy setup (and 100% idle almost all the time). Just for the record : We also tried standard RH7.1 kernels (2.4.2-2 and 2.4.3) with the same results. Any ideas ? Anybody experienced similar behaviour ? It looks like a resource leak somewhere in the IP filter code to me. Regards, -- Steffen Persvold Systems Engineer Email : mailto:[EMAIL PROTECTED] Scali AS (http://www.scali.com) Tlf : (+47) 22 62 89 50 Olaf Helsets vei 6 Fax : (+47) 22 62 89 51 N-0621 Oslo, Norway - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
