Re: ipf over bridge strange problem

On Sat, Jul 03, 2004 at 08:39:28PM +0200, fz@frontier.fr wrote:
> Hi,
>
> For technical (and especially customer) reasons, i setted up a
> firewalling solution based on FreeBSD 4.x (kernel compiled with BRIDGE
> option) and ipf. The firewall has been tested on FreeBSD 4.8, 4.9 and
> 4.10.

I've been meaning to post to this list for a while - I've been having
intermittent problems with mbuf exhaustion and consequent loss of
network connectivity on this same combination. It appears to be a slow
mbuf leak. The only cure when mbufs are exhausted is to log in at the
console and do a shutdown/reboot. It's on my home firewall and nothing
super-critical lives behind it, so I've been able to deal with it by
occasionally rebooting the system and losing connectivity for a few
minutes.

FreeBSD 4.9 (I think); compiled with IPF and BRIDGE as kernel
options.

I am also running squid and dnscache on this system - been
experimenting with lumping all the "border services" together, though
I'm aware it might not be the best idea - so I'd been delaying on
posting this as a problem until I move those out of the picture and
confirm the same problem exists. But since you also say you've had
mbuf exhaustion problems...

> Any Help would be appreciated.
>
> Iface are intel cards using fxp or em drivers, but i have the same
> problem with xl driver.

I have an rl and dc in my home system, so I doubt it's driver related.

I'll post details later.

-- Clifton

--
Clifton Royston -- cliftonr@tikitechnologies.com
Tiki Technologies Lead Programmer/Software Architect
Did you ever fly a kite in bed? Did you ever walk with ten cats on your head?
Did you ever milk this kind of cow? Well we can do it. We know how.
If you never did, you should. These things are fun, and fun is good.
-- Dr. Seuss