sarg won't run on my 4.4
Not sure where to go from here. I saw another posting about this, but I didn't see if there was a resolution. Does anyone know what could be causing this? # sarg -z -x SARG: Init SARG: Loading configuration from: /etc/sarg/sarg.conf SARG: TAG: access_log /var/squid/logs/access.log SARG: TAG: graphs yes SARG: TAG: output_dir /var/www/htdocs/sarg SARG: TAG: overwrite_report yes SARG: TAG: report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads SARG: TAG: www_document_root /var/www/htdocs/sarg Segmentation fault (core dumped) here is a dmesg from the machine: http://www.nabble.com/file/p22046397/openBSD4.4dmesg openBSD4.4dmesg Thanks, -- View this message in context: http://www.nabble.com/sarg-won%27t-run-on-my-4.4-tp22046397p22046397.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Firewall 4.3 is limiting bandwidth
Here are my sysctl net settings: net.inet.ip.forwarding=1 net.inet.ip.redirect=1 net.inet.ip.ttl=64 net.inet.ip.sourceroute=0 net.inet.ip.directed-broadcast=0 net.inet.ip.portfirst=1024 net.inet.ip.portlast=49151 net.inet.ip.porthifirst=49152 net.inet.ip.porthilast=65535 net.inet.ip.maxqueue=300 net.inet.ip.encdebug=0 net.inet.ip.ipsec-expire-acquire=30 net.inet.ip.ipsec-invalid-life=60 net.inet.ip.ipsec-pfs=1 net.inet.ip.ipsec-soft-allocs=0 net.inet.ip.ipsec-allocs=0 net.inet.ip.ipsec-soft-bytes=0 net.inet.ip.ipsec-bytes=0 net.inet.ip.ipsec-timeout=86400 net.inet.ip.ipsec-soft-timeout=8 net.inet.ip.ipsec-soft-firstuse=3600 net.inet.ip.ipsec-firstuse=7200 net.inet.ip.ipsec-enc-alg=aes net.inet.ip.ipsec-auth-alg=hmac-sha1 net.inet.ip.mtudisc=1 net.inet.ip.mtudisctimeout=600 net.inet.ip.ipsec-comp-alg=deflate net.inet.ip.ifq.len=0 net.inet.ip.ifq.maxlen=256 net.inet.ip.ifq.drops=0 net.inet.ip.mforwarding=0 net.inet.ip.multipath=0 net.inet.ip.mrtproto=19 net.inet.icmp.maskrepl=0 net.inet.icmp.bmcastecho=0 net.inet.icmp.errppslimit=100 net.inet.icmp.rediraccept=1 net.inet.icmp.redirtimeout=600 net.inet.icmp.tstamprepl=1 net.inet.ipip.allow=0 net.inet.tcp.rfc1323=1 net.inet.tcp.keepinittime=150 net.inet.tcp.keepidle=14400 net.inet.tcp.keepintvl=150 net.inet.tcp.slowhz=2 net.inet.tcp.baddynamic=587,749,750,751,871 net.inet.tcp.recvspace=16384 net.inet.tcp.sendspace=16384 net.inet.tcp.sack=1 net.inet.tcp.mssdflt=512 net.inet.tcp.rstppslimit=100 net.inet.tcp.ackonpush=0 net.inet.tcp.ecn=0 net.inet.tcp.syncachelimit=10255 net.inet.tcp.synbucketlimit=105 net.inet.tcp.rfc3390=1 net.inet.tcp.reasslimit=3072 net.inet.tcp.sackholelimit=32768 net.inet.udp.checksum=1 net.inet.udp.baddynamic=623,664,749,750,751 net.inet.udp.recvspace=41600 net.inet.udp.sendspace=9216 net.inet.gre.allow=1 net.inet.gre.wccp=0 net.inet.esp.enable=1 net.inet.esp.udpencap=1 net.inet.esp.udpencap_port=4500 net.inet.ah.enable=1 net.inet.mobileip.allow=0 net.inet.etherip.allow=0 net.inet.ipcomp.enable=0 net.inet.carp.allow=1 net.inet.carp.preempt=0 net.inet.carp.log=0 -- View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21795381.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Firewall 4.3 is limiting bandwidth
Looks like I spoke a little too soon. I am still having problems. When I thought it was fixed the first time turns out to be that I was watching the upside of a fluctuation. It appears the bandwidth goes from roughly 60% of its potential capacity to 5%. I took out queuing altogether but I still get the same results. I'm told a dmesg would be helpful, so I will include it in this post. I'm not sure what else I could contribute. http://www.nabble.com/file/p21793090/bsddmesg.txt bsddmesg.txt -- View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21793090.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Firewall 4.3 is limiting bandwidth
Thanks for the response. I did manually change the media type last night from half to full. It was set to auto, and the switch port to which it was connected was set to full, but for some reason it went to half. After I changed the duplex, I didn't see any improvement. This morning I came in, and although I know I've done this before, I tried switching the port and the cable, and it immediately improved. This will have to be chalked to either the cable or the port, although I've never seen it happen that a cable would not drop packets or log errors and still cause be limitations? The port is new, and there is no QoS or anything else I can detect that might have caused something like this. I'm glad it's fixed though. It was driving me nuts. Nick Ryan wrote: Sorry pppoe in that example should have been $pppoe and it should correspond to the interface you're using for pppoe and declared in the pf.conf file. It's in the man pages anyway. On 29 Jan 2009, at 10:06, Nick Ryan wrote: I'd try manually changing the interface media type just in case it's that. I've seen odd things happen if you have it autodetect compared to manually setting it to 100mbTX full duplex... (and vice versa) Then I'd look at cables, try switching out the network card for another, that sort of thing. ifconfig vr0 media 100baseTX mediaopt full-duplex Change vr0 to whatever your network card is. Also I'm assuming you're not using PPPOE - if you are try setting the maximum mtu size in your pf.conf file... scrub out on pppoe0 max-mss 1440 anyway - if it's neither of these then we'll need more info on what your set up is. A dmesg would also help. On 29 Jan 2009, at 05:21, numb3rs1x wrote: I've aalso tried the sysctl adjustment listed in the man pages. net.inet.tcp.sendspace: 65536 net.inet.tcp.recvspace=65536 That seemed to make it worse if anything. -- View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21721077.html Sent from the openbsd user - misc mailing list archive at Nabble.com. -- View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21731315.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Firewall 4.3 is limiting bandwidth
I've narrowed it down to my openBSD 4.3 pf firewall. My downloads are 10-50KB/s on a 3Mb pipe with or without the queue rules loaded. What should I check? -- View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21720950.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Firewall 4.3 is limiting bandwidth
I've aalso tried the sysctl adjustment listed in the man pages. net.inet.tcp.sendspace: 65536 net.inet.tcp.recvspace=65536 That seemed to make it worse if anything. -- View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21721077.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: CARP issues 4.3
a shot in the dark: Are you sure that CARP traffic flows freely between the two firewalls, and that they both have the same password? That the IP setup is generally consistent? All I can say about that is that when I set this up and tested it, everything seemed to be working fine. I was able to tcpdump and see pfsync traffic across the interfaces on both firewalls. I manually failed the primary over to the secondary at that time and it worked. All of this seemed to start happening when I added and then removed the alias from the WAN interface. I've double and triple checked the config on that interface and I can't see that anything is amiss. (Eg. I have trouble with what you call a WAN interface - those interfaces that I am aware of, should not be able to support CARP operation because they are point-to-point interfaces.) There is a switch between the firewall and the ISP's router. I've seen this, too, and tracked it down to be either a misconfiguration (eg. a typo), or overlapping networks. I use class C networks, and they don't overlap like what you described. Try sh netstart broken-interface to see proper error messages. I tried this and got denied permission. I don't see anything useful in the man page on this. Is there something I'm missing? Thanks alot for taking the time to reply. Jon -- View this message in context: http://www.nabble.com/CARP-issues-4.3-tp21322265p21336067.html Sent from the openbsd user - misc mailing list archive at Nabble.com.