Hello lists, I have a 6.1-RELEASE-p10 system running IP Filter which comes with 6.1 acting as a firewall for my small home network. This system freezes when handling a lot of data, ie. With an upload of a 60Meg file to the firewall through SFTP from OpenSSH or when accessing large webpages. With freezes I mean doesn't accept any new connections, doesn't respond on the keyboard. After 3 or 4 minutes the system 'lives' again. Nothing valueable is logged in the meantime. The NICs used are Intel Gbit Desktop adapter and the system is using the 'em' driver for this. I am running IP Filter as a module.
The freeze doesn't happen when the IP Filter kernel module is unloaded! [EMAIL PROTECTED] me $ uname -a FreeBSD firewall.domain.nu 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #0: Thu Nov 2 16:00:30 CET 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/FIREWALL i386 [EMAIL PROTECTED] me $ ipf -V ipf: IP Filter: v4.1.8 (416) The sysctl.conf file of the system. # $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $ # # This file is read when going to multi-user and its contents piped thru # ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details. # #----------------------------------------------------------------------- - # Disable kernel coredumps #----------------------------------------------------------------------- - kern.coredump=0 #----------------------------------------------------------------------- - # Some hardening options #----------------------------------------------------------------------- - security.bsd.see_other_uids=0 security.bsd.see_other_gids=0 #----------------------------------------------------------------------- - # Some networking options #----------------------------------------------------------------------- - net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 net.inet.ip.random_id=1 #----------------------------------------------------------------------- - # TCP/IP stack hardening #----------------------------------------------------------------------- - # Decrease the ARP cache cleanup interval net.link.ether.inet.max_age=1200 # Disable ICMP broadcast echo activity net.inet.icmp.bmcastecho=0 # Disable ICMP routing redirects net.inet.ip.redirect=0 # Disable ICMP broadcast probes net.inet.icmp.maskrepl=0 # Disable IP source routing net.inet.ip.sourceroute=0 net.inet.ip.accept_sourceroute=0 # Increase resiliance under heavy TCP load kern.ipc.somaxconn=1024 # Set TCP send and receive window sizes net.inet.tcp.sendspace=32768 net.inet.tcp.recvspace=32768 Anyone any idea what this is about? Regards, Lars Wittebrood. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"