Hi guys. I have been using 3.2-Release for quite some time now as a
natd. Normally I have no problems with this setup at all. However, I just
realized, after perusing my logs, I have been getting this error.
Jul 18 17:58:41 daemon natd[107]: failed to write packet back (Host is down)
Jul 18 17:58:41 daemon natd[107]: failed to write packet back (No route to host)
Jul 18 17:58:45 daemon natd[107]: failed to write packet back (No route to host)
(I only grepped for natd in this case, it naturally has the 'last message
repeated' for quite some time in between logs)
Normally I get this error when my 'cable' modem goes down, so it makes
sense that there is no route to host. However, I checked the more
recent logs:
Jul 25 00:06:07 daemon natd[107]: failed to write packet back (Host is down)
Jul 25 00:06:12 daemon last message repeated 3 times
Jul 25 00:45:30 daemon natd[107]: failed to write packet back (Host is down)
Jul 25 00:51:54 daemon last message repeated 18 times
Now, this error is a bit different. There is no '(No route to host)' error
this time. And, I get this error yet the cable modem interface did NOT go
down. I do not think I changed anything significant, however, I did add
these kernel options around the '5th of June'.
pseudo-device bpfilter 4 #Berkeley packet filter
#NATD
options IPFIREWALL
options IPDIVERT
#DUMMYNET
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options DUMMYNET
options NMBCLUSTERS=1024
#SOFTUPDATES
options SOFTUPDATES
#NCFTPD SHARED MEM
#options SHMMAXPGS=1024
#SHARED MEM OPTIONS FROM LINT
options SHMALL=1025
options "SHMMAX=(SHMMAXPGS*PAGE_SIZE+1)"
options SHMMAXPGS=1025
options SHMMIN=2
options SHMMNI=33
options SHMSEG=9
Ok. Now, I do use dummynet, however, using ipfw show, there was no usage
on that particular "pipe". The machine has maxusers set to 128, and is a
k6-200 with 32 megs of ram, using Dec PCI nics (two of them), on an
asus97-XE, TX Chipset. I really think the issue is software based over
hardware since previous logs did not have such a "large" amount of this
natd failure to write back. (previous to the 5th of July which was the
last time I modified my new kernel file). I also run these services on top
of the standard ones, like apache13+php3 with ssl, and I added my own
loadable module, mod_fastcgi, mysqld, postgresql, ncftpd, socks5, sshd,
with the default tcp wrapper, telnetd, and ftpd. (Hm. I could eliminate
running mysqld, even though I only have 32 megs of ram, my machine 'does' seem ok
with the 'load', Kudos to FreeBSD power!).
Now, I highly doubt if I just remake world it will 'fix' anything, however,
I am ready to remake world since I am using 3.2-RELEASE. However, I was
not aware of any significant fixes done to natd code during this
time. (sorry if I missed it, by the way, is there a direct listing of
fixes that grows as we progress through stable? I know it is cumbersome
though, and we must as well just add the list in each release, but just
curious for convenience sake).
Ok. So, are any of my options somewhat "limiting" and causing a pipe to be
full or something odd like that? Or is this a known problem and I should
consider getting my machine 'synched' with 3.2-STABLE? It has to be my
kernel setup or a 'bug' that has been squashed somehow, right?
On the side, could it be my bpf filter is not high enough? I do use dhcpd,
but I only host maybe 3 clients. (they are not always even on all the time).
Thanks in advance, I am sure we can find a solution for this problem.
-Carroll Kong