
Problems with stalling sessions



Hi
I have a redundant firewall with CARP. 3.6 STABLE plus all patches from CVS 
for stable (updated last week). The firewalls have 7 nic ports each. 
External, internal, pfsync and 4 dmz interfaces. The servers are firewalls, 
DNS, mailrelay, antivirus, spamkiller, ntp and dhcp for internal hosts.
Everything works perfectly! Except for the fact that sessions are stalling 
during transfers of big files. I have tried to remove "aggressive timeouts", 
"adaptive timeouts" and "scrub" without success. It doesn't matter if the 
transfer goes over NAT from Lan to internet or from a real IP on dmz2 to the 
internet. We have tried many different protocols such as SSH, amanda and more.
Turning on -x loud gives a lot of the below (maybe irrelevant??)
--snip--
Nov  8 00:49:53 san /bsd: pfsync: ignoring stale update (3) id: 4367413c000b4c76 creatorid: e31b4f22
Nov  8 00:49:53 san /bsd: pfsync: ignoring stale update (3) id: 4367413c000b4c75 creatorid: e31b4f22
Nov  8 00:49:53 san /bsd: pfsync: ignoring stale update (3) id: 
--snip--
Nothing comes up as blocked in the firewall log when a session is stalling.
I have Intel 10/100 (fxp nics) and Soekris lan1641 quad boards (sis nics)
Don't look too closely at the queuing stuff as it's not complete.
The rows from Firewall-1 pf.conf (primary) on the link below.
http://www.incedo.org/~sjoholmp/pf/pf.conf
(secondary FW has exactly the same pf.conf)
Any suggestions?
Will go to OBSD 3.8 in January but need this working now...
Thanks in advance
Per-Olov Sjöholm
