Re: packet loss to firewall while Internet link is down
- From: Lane <lane@xxxxxxxxxxxxxx>
- Date: Sat, 28 Oct 2006 17:58:05 -0500
On Saturday 28 October 2006 17:41, D G Teed wrote:
Hi all,
When the Internet link goes down, ssh refuses
to allow connection from within the LAN to our BSD
firewall/gateway. An existing ssh connection might stay
up, but be very sluggish. We run our own DNS, so that
can't be the reason for timeouts.
When the Internet is down, the CPU load factor on the
FreeBSD firewall is low, but the number of TCP packets
that can't get past the first hop is likely high, which
might cause some sort of congestion on the machine.
The console is very responsive. mtr to any point
on the local LAN from the firewall sees 50 to 80%
packet loss. However, there is no packet loss between
other machines on the lan and our network guy says
the router port and cable check out fine.
There are no console error messages providing a clue.
netstat -m shows the mb_map is about 26% in use
while the Internet is down. The machine in question
is FreeBSD 4.11, running ipfw and acting as a gateway
(not NAT).
Once the Internet comes back up, ssh in works, and
ssh sessions are very responsive again.
Is there some kernel variable I can tweak, or some tests I
can try the next time the Internet goes down and the
gateway/firewall drops packets on connections to our LAN?
Our operations manager is a Windows guy, and every time
he can't ssh in, he thinks the firewall needs a reboot, when
the real problem is that the Internet is down and
there is something we need to tweak to make it
better able to survive local LAN traffic.
--Donald
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"
I have the same problem, but I just thought it was NAT somehow interfering.
I've set up a local web server on my router/gateway that lets me do things
like check the status of ppp, or view /var/log/messages, and even reboot the
server. When I can't get in via ssh (i.e. when the "public" internet
connection is down) the web server, samba server, DHCP server, DNS server,
ftp server, and everything else still responds normally.
It's no answer, but what I did was allow telnet connections via the internal
nic, because even telnet is unaffected. Only ssh causes me a problem.
I'm interested in the answer to this one.
lane
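Donald asks for tests to run the next time the link drops. One thing worth separating is whether packet loss begins at the first hop (the firewall's own LAN side, which is what his mtr runs show) or only at the upstream hop that is actually down. The following is an added example, not code posted by anyone in the thread. It parses mtr's `--report` output per hop and reports where loss first exceeds a threshold; the two report texts embedded in it are constructed to mirror the symptoms described, with hostnames and addresses from documentation ranges, and the field layout assumes the modern `mtr -r` format.

```shell
#!/bin/sh
# Added example: classify mtr --report output by the first hop that drops
# packets. Not from the original thread; sample reports are constructed.

# Constructed sample 1: what the poster sees while the link is down, heavy
# loss already at hop 1, a directly attached LAN host.
SAMPLE_LAN_LOSS='HOST: fw.example.net  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.10        60.0%    10    1.1   1.3   0.9   2.0   0.4'

# Constructed sample 2: the expected picture when only the Internet is down,
# LAN hop clean, upstream router unreachable.
SAMPLE_OK='HOST: fw.example.net  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.10         0.0%    10    0.4   0.5   0.3   0.9   0.2
  2.|-- 198.51.100.1     100.0%    10    0.0   0.0   0.0   0.0   0.0'

# first_lossy_hop REPORT THRESHOLD
#   Prints the number of the first hop whose Loss% exceeds THRESHOLD,
#   or 0 if no hop does. Hop lines start with "N." and carry one field
#   ending in "%"; the HOST header line is skipped.
first_lossy_hop() {
    printf '%s\n' "$1" | awk -v thr="$2" '
        /^ *[0-9]+\./ {
            hop = $1; sub(/\..*/, "", hop)
            loss = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /%$/) { loss = $i; sub(/%/, "", loss); break }
            if (loss != "" && loss + 0 > thr + 0) { found = hop; exit }
        }
        END { print (found ? found : 0) }'
}

# classify_loss REPORT
#   "local"    loss already at hop 1: the gateway itself (or its LAN NIC,
#              cable or switch port) is dropping packets
#   "upstream" loss starts beyond hop 1: consistent with just the Internet
#              link being down
#   "clean"    no hop above the 20% threshold
classify_loss() {
    hop=$(first_lossy_hop "$1" 20)
    case "$hop" in
        0) echo clean ;;
        1) echo local ;;
        *) echo upstream ;;
    esac
}

# Live use on the gateway: replace the constructed text with a real run
# against a LAN host, e.g. classify_loss "$(mtr -r -c 10 192.0.2.10)".
echo "constructed LAN-loss report: $(classify_loss "$SAMPLE_LAN_LOSS")"
echo "constructed link-down report: $(classify_loss "$SAMPLE_OK")"
```

Run from the firewall against a LAN host while the link is down: an answer of "local" reproduces Donald's symptom and points at the box or its LAN segment rather than the outage; "upstream" means the LAN side is fine and the ssh trouble has to be explained some other way.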
- References:
- packet loss to firewall while Internet link is down
- From: D G Teed
- packet loss to firewall while Internet link is down