Based on the output listed below, I am wondering if the 'maximum' number
of states in the ipfstat -s output and the calls to the protocol drains
are stats that I need to worry about or if they occur 'normally' during
the course of operation.
The firewall that generated these stats protects our student residence
network and has approximately 1000 computers behind it.
Any feedback that you can provide is greatly appreciated.
OS
--
6.0-RELEASE FreeBSD 6.0-RELEASE #3
The firewall is a Dell 850 with a P4 2.8GHz and 2.0 GB of RAM. There are
2 on-board gigabit Ethernet ports.
netstat -m
515/385/900 mbufs in use (current/cache/total)
514/256/770/25600 mbuf clusters in use (current/cache/total/max)
0/8/6656 sfbufs in use (current/peak/max)
1156K/608K/1765K bytes allocated to network (current/cache/total)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
19 calls to protocol drain routines
IPFILTER
--------
ipf: IP Filter: v4.1.8 (416)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: block all, Logging: available
Active list: 0
Feature mask: 0x10a
ADDTN'L IPFILTER INFO
---------------------
There are 158 rules defined in the rule set, utilizing groups.
ipfstat -s
IP states added:
28434102 TCP
49787604 UDP
48144 ICMP
2084963038 hits
138975232 misses
77 maximum
0 no memory
0 max bucket
77 maximum
0 no memory
40498 bkts in use
61840 active
0 expired
109862 closed
State logging enabled
State table bucket statistics:
40498 in use
38.67% bucket usage
0 minimal length
10 maximal length
1.527 average length
The number of inuse NATs varies between 30k and 80k.
ipnat -s
mapped in 500705856 out 591083545
added 65964408 expired 0
no memory 0 bad nat 0
inuse 58465
rules 80
wilds 0
-jwb
----------------------
Jim Beers
CIT
Moravian College
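An added example, not part of the post above or of the ipfilter tools: a Python script that parses the three outputs quoted in the post (embedded below as constructed sample input, copied from the figures given) and reduces them to the few derived numbers a reviewer actually looks at, flagging the counters that should normally stay at zero. The reading of ipfstat's "maximum" counter as state insertions refused at the configured state limit, and the tunable names fr_statemax / fr_statesize, are my assumptions from the ipfilter 4.1 source, not something the post states; the parsers are written against the field layout shown in the post.

```python
"""Reduce netstat -m, ipfstat -s and ipnat -s counters to state-table health metrics."""
import re

# Constructed sample input: the counters quoted in the post above.
NETSTAT_M = """\
515/385/900 mbufs in use (current/cache/total)
514/256/770/25600 mbuf clusters in use (current/cache/total/max)
0/8/6656 sfbufs in use (current/peak/max)
1156K/608K/1765K bytes allocated to network (current/cache/total)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
19 calls to protocol drain routines
"""

IPFSTAT_S = """\
IP states added:
	28434102 TCP
	49787604 UDP
	48144 ICMP
	2084963038 hits
	138975232 misses
	77 maximum
	0 no memory
	0 max bucket
	77 maximum
	0 no memory
	40498 bkts in use
	61840 active
	0 expired
	109862 closed
State logging enabled
State table bucket statistics:
	40498 in use
	38.67% bucket usage
	0 minimal length
	10 maximal length
	1.527 average length
"""

IPNAT_S = """\
mapped in 500705856 out 591083545
added 65964408 expired 0
no memory 0 bad nat 0
inuse 58465
rules 80
wilds 0
"""

_SCALE = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def _num(tok):
    """'1156K' -> 1183744; plain integers pass through unchanged."""
    m = re.fullmatch(r"(\d+)([KMG]?)", tok)
    if not m:
        raise ValueError("not a counter: %r" % tok)
    return int(m.group(1)) * _SCALE[m.group(2)]


def parse_netstat_m(text):
    """'a/b/c label (x/y/z)' -> {label: {x: a, y: b, z: c}}; 'n label' -> {label: n}."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\S+)\s+(.+?)\s*(?:\(([^)]*)\))?\s*$", line)
        if not m:
            continue
        values, label, fields = m.groups()
        nums = [_num(v) for v in values.split("/")]
        out[label] = dict(zip(fields.split("/"), nums)) if fields else nums[0]
    return out


def parse_ipfstat_s(text):
    """'<number>[%] <label>' lines -> {label: number}.
    ipfstat 4.1.8 prints 'maximum' and 'no memory' twice; the first occurrence wins."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\d+(?:\.\d+)?)%?\s+(.+?)\s*$", line)
        if m:
            num, label = m.groups()
            out.setdefault(label, float(num) if "." in num else int(num))
    return out


def parse_ipnat_s(text):
    """'label number [label number]' pairs on each line -> {label: number}."""
    return {k.strip(): int(v)
            for k, v in re.findall(r"([A-Za-z][A-Za-z ]*?)\s+(\d+)", text)}


def assess(net, states, nat):
    """Derived metrics plus a list of counters that should normally be zero."""
    hits, misses = states["hits"], states["misses"]
    clusters = net["mbuf clusters in use"]
    r = {
        "state_hit_ratio": hits / (hits + misses),
        "avg_chain_len": states["active"] / states["bkts in use"],   # recomputed
        "reported_avg_chain_len": states["average length"],          # as printed
        "max_chain_len": states["maximal length"],
        # in-use buckets divided by the usage fraction recovers the hash table size
        "est_state_table_size": round(states["in use"] / (states["bucket usage"] / 100)),
        "mbuf_cluster_util": clusters["current"] / clusters["max"],
        "nat_inuse": nat["inuse"],
        "warnings": [],
    }
    # Assumption (from the ipfilter 4.1 source, not the post): 'maximum' counts state
    # insertions refused because the table was at fr_statemax; fr_statesize sizes the hash.
    checks = [
        ("maximum", states["maximum"], "state insertions refused at the state limit"),
        ("no memory", states["no memory"], "state allocation failed for lack of memory"),
        ("max bucket", states["max bucket"], "a hash bucket chain hit its length limit"),
        ("nat no memory", nat["no memory"], "NAT allocation failed for lack of memory"),
        ("bad nat", nat["bad nat"], "NAT entries rejected"),
        ("protocol drain", net["calls to protocol drain routines"],
         "kernel asked protocols to release buffers (mbuf pressure)"),
        ("sfbufs denied", net["requests for sfbufs denied"], "sendfile buffer requests denied"),
    ]
    for name, value, meaning in checks:
        if value:
            r["warnings"].append("%s=%d: %s" % (name, value, meaning))
    return r


if __name__ == "__main__":
    report = assess(parse_netstat_m(NETSTAT_M), parse_ipfstat_s(IPFSTAT_S),
                    parse_ipnat_s(IPNAT_S))
    for key, value in report.items():
        print("%-24s %s" % (key, value))
```

Run it as-is to print the report for the posted figures, or replace the three strings with live `netstat -m`, `ipfstat -s` and `ipnat -s` output. On the posted figures it reports a 93.8% state hit ratio, an average chain length of 1.53 (matching the printed 1.527) against a maximum of 10, about 2% mbuf cluster utilisation, and exactly two non-zero counters: maximum=77 and protocol drain=19.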