Oliver Fromme wrote:
Marat N.Afanasyev <[EMAIL PROTECTED]> wrote:
> I've encountered a very strange situation about two hours ago. I use
> squid as transparent proxy and forward all the packets from port 80 to
> port 8000. Problem is, first of all, I have a lot of ierrs on interface
> when looking at interface stats using netstat.
What kind of interface is that? Excerpt from dmesg,
ifconfig and netstat -i might be useful.
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::250:45ff:fe5f:4f78%bge0 prefixlen 64 scopeid 0x1
        inet xx.xx.xx.xx netmask 0xffffffc0 broadcast xx.xx.xx.xx
        ether 00:50:45:5f:4f:78
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

bge0 1500 <Link#1> 00:50:45:5f:4f:78 2341018 799 3062828 0 0
% uptime
7:34PM up 40 mins, 3 users, load averages: 0.14, 0.16, 0.08
Hardware is clean. Each of my boxes with Broadcom 5704 has the same
problem. Patch cords are no longer than 4 feet, plugged into Catalyst
2960 directly without patch panels.
In general, errors on the interface usually indicate a
hardware error (NIC, cables, port). However, it might
also be a driver bug.
> The second problem is far
> more serious: after a short period of time I have a completely frozen
> system that can only send data, but very rarely receive and generates a
> huge amount of ierrs on interface.
>
> ipfw rules are as follows:
>
> 00001 allow ip from any to any via lo0
> 00002 deny ip from any to 127.0.0.0/8
> 00003 deny ip from 127.0.0.0/8 to any
> 00010 fwd xx.xx.xx.xx,8000 tcp from any to me dst-port 80
> 65535 allow ip from any to any
>
> problem with ierrs disappears after I delete rule with forward, but I
> need this rule :(
In that rule, is "xx.xx.xx.xx" an IP address configured
on your NIC, or is it 127.0.0.1? If the former, try to
replace it with 127.0.0.1 and check if that improves the
situation.
Real IP address. I've already switched forward off and made squid listen
on 80 instead. Problem persists.
However, the FWD line should not cause ierrs on the NIC.
If you're sure that your hardware is good, then there's
probably a bug somewhere.
Best regards
Oliver
I can say that I was finally wrong. The problem is caused not by ipfw, as I
thought, but rather by the Broadcom 5704-based NIC. This NIC somehow drops
Ethernet frames. I'm still wondering why.
--
SY, Marat