Hi Guys,
I was just wondering if you could help me with my problem. Before going to the details here is my setup: OS: FreeBSD 7.0-RELEASE i386 Firewall:PF Interface: em1(external interface) and em0(internal interface) Setup: The 2 interfaces above are setup as a bridge so we are using PF as a layer2 FW. Use altq to define queues on em1 and em0 ( default, unlimited, sponsored, premium, standard) Doing a netstat -d -I em1. I can see that there incoming packet errors but no outgoing packet errors. A number of drops but no collision. Doing a netstat -d -I em0. I can see that there are no errors on the incoming and outgoing packets. A number of drops but no collision. Doing a netstat -d -l bridge0. don't see any errors on the incoming and outgoing packets. No drops and collision. Looking at my ruleset I can see that I have scrub in on em1 Does this rule cause the packet errors? Or presumably because of the speed of the network? We are running at around 8000 packet/s for incoming and outgoing traffic. There was plan of removing this rule? If we do that? What would the implications be? Also using the tool pftop, the default queue has packet drops and suspensions QUEUE BW SCH PRIO PKTS BYTES DROP_P DROP_B QLEN BORROW SUSPEN P/S B/S default 134M cbq 1326370 775902K 138 102128 0 0 2798 8182 4340435 Do you think the scrub rule is the causing pf to suspend some packets? I also wish to understand how pftop works to be able to debug the problem. The reason that I am asking this questions is that we get connectivity issues with some external sites that we connect to. It might be the uplink that has problems but I hope I could gather information on what might be causing this, or things might be or not related to this issue. Your help would be greatly appreciated. Thanks Mark Pagulayan University of Auckland _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
