Could it be that you're under a DOS attack even though you're "behind three layers of firewall"? =/ Try configuring a firewall to block every UDP packet for every port except those needed by the services you run.
On 3/27/06, Michael W. Lucas <[EMAIL PROTECTED]> wrote:
> On Fri, Mar 24, 2006 at 06:03:47PM -0500, Charles Swiger wrote:
> > On Mar 24, 2006, at 4:17 PM, Michael W. Lucas wrote:
> > >Running FreeBSD 6.1-PRERELEASE as a DNS, dhcp, and syslog server.
> > >
> > >I'm having trouble with DNS, DHCP, and syslogd locking up, and I think
> > >I've found what they all share in common.
> > >
> > >During the lockups, the box starts dropping UDP due to full socket
> > >buffers. I have a dumb little script to capture the rate of drops
> > >over 5 seconds, and it's about 45 a second.
> > >
> > >168725 dropped due to full socket buffers
> > >168958 dropped due to full socket buffers
> >
> > There is generally a cause behind the socket buffers filling up,
> > whether that is some form of livelock due to an OS problem or a
> > misconfiguration with a firewall/dummynet setup. You could look at
> > the output of "netstat -a(n)" for insight as to where the packets are
> > being queued up, but "netstat -s" would be useful to show to us as well.
>
> Thanks. I think you've shown me how to find the problem:
>
> # netstat -na
> ...
> udp4       0      0  127.0.0.1.57058        127.0.0.1.53
> udp4       0      0  127.0.0.1.61259        127.0.0.1.53
> udp4       0      0  127.0.0.1.54240        127.0.0.1.53
> udp4       0      0  127.0.0.1.52997        127.0.0.1.53
> udp4       0      0  *.67                   *.*
> udp4   43414      0  *.514                  *.*
> udp4       0      0  *.49661                *.*
> ...
>
> We have no firewall on this machine; it's buried behind three layers
> of firewall.
>
> I've tried running syslogd in debug mode, but not found anything
> particularly useful yet. Syslogd is now set to restart every 15
> minutes, and run in debug mode, so hopefully the next time this
> happens I'll have the debugging output. The problem happens even
> within fifteen minutes, but because of my timeouts nobody notices.
>
> I'm attaching the output of netstat -na and netstat -s for general
> informative purposes; if anyone has any further suggestions, I'm all
> ears.
>
> Thanks,
> ==ml
>
> --
> Michael W. Lucas [EMAIL PROTECTED], [EMAIL PROTECTED]
> http://www.BlackHelicopters.org/~mwlucas/
>
> "The cloak of anonymity protects me from the nuisance of caring." -Non
> Sequitur

--
[]'s,
Luiz Eduardo
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
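The two checks discussed in the thread (which UDP socket is backing up, and how fast the drop counter grows) can be scripted as below. This is an added example, not part of any message in the thread; the function names are hypothetical, and the sample input is constructed from the netstat lines and counters quoted above.

```sh
#!/bin/sh
# Added example. SAMPLE_NA is constructed from the netstat -na lines quoted in
# the thread, with the standard FreeBSD column header added.
SAMPLE_NA='Proto Recv-Q Send-Q Local Address          Foreign Address
udp4       0      0 127.0.0.1.57058        127.0.0.1.53
udp4       0      0 *.67                   *.*
udp4   43414      0 *.514                  *.*
udp4       0      0 *.49661                *.*'

# Print "local-address recv-q" for every UDP socket whose receive queue holds
# more than $1 bytes (default 0). Reads `netstat -na` output on stdin.
udp_backlog() {
    awk -v min="${1:-0}" '($1 ~ /^udp/) && ($2 + 0 > min) { print $4, $2 }'
}

# Pull the cumulative drop counter out of `netstat -s` output on stdin.
full_sockbuf_drops() {
    awk '/dropped due to full socket buffers/ { print $1; exit }'
}

# Whole drops per second between two samples: drop_rate OLD NEW SECONDS
drop_rate() {
    echo $(( ($2 - $1) / $3 ))
}

# Live use on the affected host (defined but not called here): sample the
# counter twice, then list the sockets that are currently backed up.
watch_drops() {
    interval="${1:-5}"
    before=$(netstat -s -p udp | full_sockbuf_drops)
    sleep "$interval"
    after=$(netstat -s -p udp | full_sockbuf_drops)
    echo "$(drop_rate "$before" "$after" "$interval") drops/s"
    netstat -na | udp_backlog 0
}

# Offline demonstration on the constructed sample and the two quoted counters.
printf '%s\n' "$SAMPLE_NA" | udp_backlog 0
drop_rate 168725 168958 5
```

On the sample, the only socket with a backlog is `*.514`, the syslog UDP port, so the listener that is not draining its buffer is visible without any packet capture.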