help:FreeBSD4.8+IP Filter: v3.4.32,and error:/kernel: in_cksum: out of data by 3

• Previous message: Brian Candler: "Re: nVidia chipset - ethernet support?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: freebsd-net@freebsd.org <freebsd-net@freebsd.org>
Date: Mon, 29 Mar 2004 17:20:58 +0800

Hi:
  I have installed the FreeBSD4.8 and IP Filter3.4.32.
  The FreeBSD BOX is used to NAT.
  But , i always get the messages "in_cksum: out of data by 3" , And the IP Packets always are droped.
  How to resolve the problem?

the message is:
cat /var/log/messages
Mar 8 17:13:49 nat /kernel: in_cksum: out of data by 2
Mar 8 17:14:19 nat last message repeated 4 times
Mar 8 20:10:03 nat /kernel: in_cksum: out of data by 4
Mar 9 11:59:47 nat /kernel: in_cksum: out of data by 2
Mar 9 11:59:48 nat /kernel: in_cksum: out of data by 2
Mar 9 12:40:06 nat /kernel: in_cksum: out of data by 2
Mar 9 13:32:47 nat /kernel: in_cksum: out of data by 2
Mar 9 17:27:48 nat /kernel: in_cksum: out of data by 2
Mar 9 17:28:16 nat last message repeated 3 times
Mar 9 17:37:19 nat /kernel: in_cksum: out of data by 3
Mar 9 18:04:03 nat /kernel: in_cksum: out of data by 1
Mar 9 19:35:19 nat /kernel: in_cksum: out of data by 2
Mar 9 19:35:23 nat last message repeated 2 times
Mar 10 09:27:43 nat /kernel: in_cksum: out of data by 2
Mar 10 15:43:08 nat /kernel: in_cksum: out of data by 3
Mar 10 15:43:09 nat /kernel: in_cksum: out of data by 3
Mar 10 19:22:34 nat /kernel: in_cksum: out of data by 2
Mar 10 19:22:55 nat last message repeated 4 times
Mar 12 19:30:00 nat /kernel: in_cksum: out of data by 3
Mar 12 20:48:29 nat /kernel: in_cksum: out of data by 3
Mar 13 13:56:40 nat /kernel: in_cksum: out of data by 3
Mar 13 15:45:40 nat /kernel: in_cksum: out of data by 1
Mar 13 16:25:45 nat /kernel: in_cksum: out of data by 3
Mar 13 16:25:53 nat /kernel: in_cksum: out of data by 3
Mar 13 18:28:38 nat /kernel: in_cksum: out of data by 2
Mar 13 18:42:54 nat /kernel: in_cksum: out of data by 3
Mar 13 18:42:57 nat last message repeated 2 times
Mar 13 19:04:05 nat /kernel: in_cksum: out of data by 1
Mar 13 19:33:58 nat /kernel: in_cksum: out of data by 3
Mar 13 19:34:16 nat last message repeated 3 times
Mar 15 16:06:10 nat /kernel: in_cksum: out of data by 1
Mar 15 16:06:37 nat last message repeated 4 times

the system information is:

nat# netstat -m
213/432/240000 mbufs in use (current/peak/max):
        213 mbufs allocated to data
211/432/60000 mbuf clusters in use (current/peak/max)
972 Kbytes allocated to network (0 of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

nat# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
fxp0 1500 <Link#1> xx:xx:xx:xx:xx:xx 3630613020 14 3601258558 0 0
fxp0 1500 xx.xx.xx.xx xx.xx.xx.xx 7201 - 1332493 - -
xl0 1500 <Link#2> xx:xx:xx:xx:xx:xx 4036405001 1 3534131265 0 0
xl0 1500 xx.xx.xx.xx xx.xx.xx.xx 285499286 - 11105 - -
xl0 1500 xx.xx.xx.xx xx.xx.xx.xx 4058 - 0 - -
ppp0* 1500 <Link#3> 0 0 0 0 0
lo0 16384 <Link#4> 28 0 28 0 0
lo0 16384 127 127.0.0.1 0 - 0 - -
nat#

nat# vmstat 1
 procs memory page disk faults cpu
 r b w avm fre flt re pi po fr sr ad0 in sy cs us sy id
 0 0 0 27516 790040 1 0 0 0 1 0 0 746 14 6 0 17 83
 0 0 0 27516 790036 5 0 0 0 0 0 0 19842 23 8 0 40 60
 0 0 0 27516 790036 3 0 0 0 0 0 0 19614 23 8 0 46 54
 0 0 0 27516 790036 3 0 0 0 0 0 3 20335 23 8 0 37 63
 0 0 0 27516 790036 3 0 0 0 0 0 0 20996 23 8 0 49 51
 0 0 0 27516 790036 3 0 0 0 0 0 1 19973 23 9 0 45 55
 0 0 0 27516 790036 3 0 0 0 0 0 0 20990 23 8 0 42 58
 0 0 0 27516 790036 3 0 0 0 0 0 0 20368 27 9 0 43 57
^C

nat# cat /boot/loader.conf
userconfig_script_load="YES"
hw.ata.wc="1"
kern.ipc.nmbclusters="60000"

nat# cat /etc/sysctl.conf
vfs.vmiodirenable=1
kern.ipc.maxsockbuf=2097152
kern.ipc.somaxconn=8192
kern.ipc.maxsockets=16424
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
net.inet.ipf.fr_tcpidletimeout=7200
net.inet.ipf.fr_tcpclosewait=120
net.inet.ipf.fr_tcplastack=120
net.inet.ipf.fr_tcptimeout=240
net.inet.ipf.fr_tcpclosed=60
net.inet.ipf.fr_tcphalfclosed=300
net.inet.ipf.fr_udptimeout=90
net.inet.ipf.fr_icmptimeout=35
net.link.ether.inet.log_arp_wrong_iface=0
net.inet.icmp.drop_redirect=1
net.inet.icmp.icmplim_output=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=300

nat# ipnat -l |wc
   31572 279674 2310903

Dec 31 19:40:59 nat /kernel: Copyright (c) 1992-2003 The FreeBSD Project.
Dec 31 19:40:59 nat /kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Dec 31 19:40:59 nat /kernel: The Regents of the University of California. All rights reserved.
Dec 31 19:40:59 nat /kernel: FreeBSD 4.8-RELEASE #1: Fri Sep 12 09:04:24 CST 2003
Dec 31 19:40:59 nat /kernel: Timecounter "i8254" frequency 1193182 Hz
Dec 31 19:40:59 nat /kernel: Timecounter "TSC" frequency 2398856292 Hz
Dec 31 19:40:59 nat /kernel: CPU: Intel(R) Pentium(R) 4 CPU 2.40GHz (2398.86-MHz 686-class CPU)
Dec 31 19:40:59 nat /kernel: Origin = "GenuineIntel" Id = 0xf29 Stepping = 9
Dec 31 19:40:59 nat /kernel: Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS
,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Dec 31 19:40:59 nat /kernel: real memory = 1065353216 (1040384K bytes)
Dec 31 19:40:59 nat /kernel: avail memory = 1033474048 (1009252K bytes)
Dec 31 19:40:59 nat /kernel: Preloaded elf kernel "kernel" at 0xc02f0000.
Dec 31 19:40:59 nat /kernel: Pentium Pro MTRR support enabled

Dec 31 19:40:59 nat /kernel: IP Filter: v3.4.32 initialized. Default = pass all, Logging = enabled

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Brian Candler: "Re: nVidia chipset - ethernet support?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Which is better Zonealarm or Tiny Personal? ... >>:)know how nat works and I dont see how something will replace it that quick. ... Can you furnish some references to this new CAT thing. ... NAT replaces the LAN address with the WAN address and the port number ... (comp.security.firewalls) Re: Which is better Zonealarm or Tiny Personal? ... What would cat be all about, I dont remember all these rummors. ... know how nat works and I dont see how something will replace it that quick. ... (comp.security.firewalls) help:FreeBSD4.8+IP Filter: v3.4.32,and error:/kernel: in_cksum: out of data by 3 ... The FreeBSD BOX is used to NAT. ... cat /var/log/messages ... 211/432/60000 mbuf clusters in use (current/peak/max) ... requests for memory delayed ... (freebsd-isp) help:FreeBSD4.8+IP Filter: v3.4.32,and error:/kernel: in_cksum: out of data by 3 ... The FreeBSD BOX is used to NAT. ... cat /var/log/messages ... 211/432/60000 mbuf clusters in use (current/peak/max) ... requests for memory delayed ... (freebsd-net) Re: NAT vs. Security ... > only be protected by the NAT feature of the router. ... accepts requests or what does it do? ... If it accepts requests and you arrange the NAT (port mapping ... isolation or protection and there is no authentication required or ... (microsoft.public.win2000.networking)