Hi all,

  I was looking for any ideas on how to tune OBSD with PF, rdr & nat.
  I use rdr round-robin of port 80 to backend webservers using private
  address space. When packets go back to clients watching the webpage, PF
  does NAT on them.

  Anyway, if I check it with ~100Mbps of traffic, everything goes
  slower and slower, and after a few minutes clients see that the webserver
  is responding with a very long delay to clients' requests. However,
  after ~15 seconds everything works well for another minute...

  I was reading the OpenBSD/PF FAQ and trying to change limits in PF, but
  the problem still exists.

  After pfctl -x misc the following appears in the logs:

Nov 16 08:06:30 ungabunga /bsd: pf: BAD state: TCP 10.0.0.1:80
1.1.1.1:80 2.2.2.23:5027 [lo=1659423809 high=1659488734 win=16384 modulator=0]
[lo=1312540182 high=1312540506 win=65535 modulator=0] 4:4 A seq=1312540182
ack=1659423809 len=1460 ackskew=0 pkts=3188:5511 dir=out,rev

Does anyone have an idea what I should look for to find what should
be tuned?


other info:

there are ~2500 state entries.

TIMEOUTS:
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         15s
interval                     10s
adaptive.start            24000 states
adaptive.end              48000 states
src.track                     0s

LIMITS:
states        hard limit    40000
src-nodes     hard limit    40000
frags         hard limit    40000
tables        hard limit     1000
table-entries hard limit   100000

-- 
regards,
Sylwester S. Biernacki <[EMAIL PROTECTED]>
X-NET, http://www.xnet.com.pl/
