Hi,
I have an Ultra Sparc 5 with Solaris 9 on one disk and Solaris 10 on the
second disk. I am running IPF v3.4.31 on Solaris 9 and IPF 4.0.3 on
Solaris 10. On hme0 is the internal network aaa.bbb.ccc.ddd and on qfe0
www.xxx.yyy.zzz is the external network (cable modem to ISP). I have no
problem with IPF 3.4.31 on Solaris 9; after upgrading to IPF v3.4.35 on
Solaris 9 I experienced very slow access to the internet: file transfers
and loading of web pages took about 3-4 times longer than with IPF
v3.4.31. I have the same problem on Solaris 10 with IPF 4.0.3. I
reverted back to IPF v3.4.31 on Solaris 9 and all was back to normal. I
used the same ipf.conf and nat.conf. Following are some outputs from
the Solaris 10 system. Has anyone seen this problem, and is there any
tuning available?
Regards,
Horst
isainfo -vk
64-bit sparcv9 kernel modules
ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
inet aaa.bbb.ccc.ddd netmask ffffff00 broadcast aaa.bbb.ccc.255
ether 8:0:20:a8:3e:62
qfe0: flags=1104843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,ROUTER,IPv4> mtu 1500 index 3
inet www.xxx.yyy.zzz netmask ffffff00 broadcast www.xxx.yyy.255
ether 0:2:b3:30:84:27
netstat -nr
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
aaa.bbb.ccc.0 aaa.bbb.ccc.1 U 1 3 hme0
www.xxx.yyy.0 www.xxx.yyy.zzz U 1 1 qfe0
default www.xxx.yyy.1 UG 1 56 qfe0
127.0.0.1 127.0.0.1 UH 4 31 lo0
netstat -s -P -ip
IPv4 ipForwarding = 1 ipDefaultTTL = 255
ipInReceives = 1261 ipInHdrErrors = 0
ipInAddrErrors = 0 ipInCksumErrs = 0
ipForwDatagrams = 1160 ipForwProhibits = 0
ipInUnknownProtos = 0 ipInDiscards = 0
ipInDelivers = 159 ipOutRequests = 86
ipOutDiscards = 0 ipOutNoRoutes = 2
ipReasmTimeout = 60 ipReasmReqds = 0
ipReasmOKs = 0 ipReasmFails = 0
ipReasmDuplicates = 0 ipReasmPartDups = 0
ipFragOKs = 0 ipFragFails = 0
ipFragCreates = 0 ipRoutingDiscards = 0
tcpInErrs = 0 udpNoPorts = 0
udpInCksumErrs = 0 udpInOverflows = 0
rawipInOverflows = 0 ipsecInSucceeded = 0
ipsecInFailed = 0 ipInIPv6 = 0
ipOutIPv6 = 0 ipOutSwitchIPv6 = 0
ipf -V
ipf: IP Filter: v4.0.2 (592)
Kernel: IP Filter: v4.0.2
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
ipfstat
bad packets: in 0 out 0
input packets: blocked 537 passed 1829 nomatch 0 counted 0 short 0
output packets: blocked 0 passed 1864 nomatch 0 counted 0 short 0
input packets logged: blocked 497 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0
fragment state(out): kept 0 lost 0
packet state(in): kept 0 lost 0
packet state(out): kept 105 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 2 (out): 0
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 689
Packet log flags set: (0)
none
ipfstat -io
block out quick on qfe0 proto tcp/udp from any port 136 >< 140 to any
block out quick on qfe0 proto tcp/udp from any to any port 136 >< 140
pass out quick on qfe0 proto tcp from any to any flags S/SA keep state keep frags
pass out quick on qfe0 proto udp from any to any keep state keep frags
pass out quick on qfe0 proto icmp from any to any keep state keep frags
pass out quick on qfe0 all
pass out quick on lo0 all
pass out quick on hme0 all
block in quick from any to any with opt lsrr
block in quick from any to any with opt ssrr
block in quick from any to any with ipopts
block in quick proto tcp from any to any with short
block in quick proto icmp from any to any with frag
block in quick on qfe0 from 10.0.0.0/8 to any
block in quick on qfe0 from 127.0.0.0/8 to any
block in quick on qfe0 from 169.254.0.0/16 to any
block in quick on qfe0 from 172.16.0.0/12 to any
block in quick on qfe0 from 192.0.2.0/24 to any
block in quick on qfe0 from 192.168.0.0/16 to any
block in quick on qfe0 from 204.152.64.0/23 to any
block in quick on qfe0 from 224.0.0.0/3 to any
block in quick on qfe0 from aaa.bbb.ccc.0/24 to any
block in quick on qfe0 from any to aaa.bbb.ccc.0/32
block in quick on qfe0 from any to aaa.bbb.ccc.255/32
block in log on qfe0 all
pass in quick on lo0 all
pass in quick on hme0 all
ipnat -slv
mapped in 1671 out 1366
added 92 expired 0
no memory 0 bad nat 0
inuse 37
rules 6
wilds 0
table ffffffff7ffffbf0 list 30001b97cc0
List of active MAP/Redirect filters:
map qfe0 aaa.bbb.ccc.0/24 -> www.xxx.yyy.zzz/32 proxy port ftp ftp/tcp
map qfe0 aaa.bbb.ccc.0/24 -> www.xxx.yyy.zzz/32 proxy port 7070 raudio/tcp
map qfe0 aaa.bbb.ccc.0/24 -> www.xxx.yyy.zzz/32 proxy port 1720 h323/tcp
map qfe0 aaa.bbb.ccc.0/24 -> www.xxx.yyy.zzz/32 portmap tcp/udp auto
map qfe0 aaa.bbb.ccc.0/24 -> www.xxx.yyy.zzz/32
List of active sessions:
Long list of active sessions
List of active host mappings:
Long list of active host mappings