I seem to have been having a rather strange networking issue in FreeBSD 5.3-Stable (it started happening immediately after 5.2.1 and has persisted since.. I keep "hoping" that next time I cvsup it will be fixed, but no). I downgraded back to 5.2.1-p13 and it is perfectly fine once again.

*** Some background information:

My FreeBSD box is my home NAT router, server, firewall, etc. It does DHCP, MX for some of my domains, secondary DNS (I got primary elsewhere), apache for some webhosting, blah blah blah. Nothing really special. It is a Dual PIII-500, 512mb ram, and a couple ATA hdd's. Had 3 realtek network interfaces, but down to 2 now.

*** The problem:

Networking simply "stops" or "locks up". Why, I don't know. I believe initially it happened for all 3 network cards... I thought tcp/ip processing or something in the kernel got locked. It happens every 30 minutes to an hour, and lasts about 60 seconds to 120 seconds. Unfortunately, 60 seconds to 120 seconds is long enough to kill messenger (my gf does not like), online gaming, etc etc.

Lately, I had taken one of the realtek cards out (it was for a several km long wireless link) and moved the server to my gf's place (where I am now 100% of the time). So now that I have the server locally and rely on it for my internet connection, this has become a real PAIN.

I've noticed that I can remain ssh'd into diablo, do whatever I want while this "lock" issue occurs. So the lan interface rl0 is fine. The internet interface, rl1 (which goes to the cable modem) locks up. (btw, it's not the cable modem as I am using my gf's now, and it did this at my place on my cable modem too, which is a different brand. Nortel at my place, motorola at my gf's).

*** Attempts:

I've attempted switching out network cards, and placed 3 other realtek cards in. Different brands, all with different revisions (D instead of B, etc, etc). No matter what I try, nothing fixes it.
The machine seems perfectly responsive, and I am still ssh'd in and can do whatever I want on it... But the network card going to the cable modem has stopped responding?! This never happened during 5.0-Current all throughout 5.2.1-STABLE, but anywhere beyond 5.2.1 it craps itself.

*** Dmesg output:

Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 5.2.1-RELEASE-p13 #2: Thu Feb 10 18:39:33 CST 2005
    diskiller_at_diablo.diskiller.net:/junk/obj/junk/src/sys/DIABLO
Preloaded elf kernel "/boot/kernel/kernel" at 0xc076c000.
MPTable: <OEM00000 PROD00000000>
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium III/Pentium III Xeon/Celeron (504.72-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0x673 Stepping = 3
  Features=0x387fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,PN,MMX,FXSR,SSE>
real memory = 536870912 (512 MB)
avail memory = 516034560 (492 MB)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID: 0
 cpu1 (AP): APIC ID: 1
ioapic0: Assuming intbase of 0
ioapic0 <Version 1.1> irqs 0-23 on motherboard
Pentium Pro MTRR support enabled
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcibios: BIOS version 2.10
Using $PIR table, 7 entries at 0xc00fdcf0
pcib0: <Intel 82443BX (440 BX) host to PCI bridge> at pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
pci_cfgintr: 0:10 INTA BIOS irq 10
pci_cfgintr: 0:12 INTA BIOS irq 11
agp0: <Intel 82443BX (440 BX) host to PCI bridge> mem 0xd0000000-0xd3ffffff at device 0.0 on pci0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 UDMA33 controller> port 0xf000-0xf00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata0: [MPSAFE]
ata1: at 0x170 irq 15 on atapci0
ata1: [MPSAFE]
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xe000-0xe01f at device 7.2 on pci0
pci_cfgintr: 0:7 INTD routed to irq 11
usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
piix0: <PIIX Timecounter> port 0x5000-0x500f at device 7.3 on pci0
Timecounter "PIIX" frequency 3579545 Hz quality 0
pci0: <display, VGA> at device 8.0 (no driver attached)
rl0: <RealTek 8139 10/100BaseTX> port 0xe400-0xe4ff mem 0xd7000000-0xd70000ff irq 10 at device 10.0 on pci0
rl0: Ethernet address: 00:00:21:f2:a5:47
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl1: <RealTek 8139 10/100BaseTX> port 0xe800-0xe8ff mem 0xd7001000-0xd70010ff irq 11 at device 12.0 on pci0
rl1: Ethernet address: 00:40:f4:90:1c:4b
miibus1: <MII bus> on rl1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
orm0: <Option ROMs> at iomem 0xc8000-0xcbfff,0xc0000-0xc7fff on isa0
pmtimer0 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x64,0x60 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
fdc0: ready for input in output
fdc0: cmd 3 failed at out byte 1 of 3
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 8250 or not responding
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
unknown: <PNP0303> can't assign resources (port)
unknown: <PNP0c02> can't assign resources (memory)
unknown: <PNP0a03> can't assign resources (port)
Timecounters tick every 10.000 msec
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to deny, logging unlimited
GEOM: create disk ad0 dp=0xc4445260
ad0: 19569MB <WDC WD205AA-00BAA0> [39761/16/63] at ata0-master UDMA33
GEOM: create disk ad2 dp=0xc4445c60
ad2: 76319MB <ST380021A> [155061/16/63] at ata1-master UDMA33
acd0: CDRW <SONY CD-RW CRX140E> at ata1-slave PIO4
SMP: AP CPU #1 Launched!
Mounting root from ufs:/dev/ad0s1a
pid 524 (my_print_defaults), uid 88: exited on signal 11
pid 529 (my_print_defaults), uid 88: exited on signal 11
pid 544 (mysqld), uid 88: exited on signal 11
pid 700 (my_print_defaults), uid 1000: exited on signal 11 (core dumped)
diablo:~>

Dmesg output didn't look particularly different in 5.3-stable. The coredumps are due to the downgrade and being linked against newer libs from 5.3.

*** Kernel configuration:

diablo:/usr/src/sys/i386/conf> cat DIABLO
#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
#    http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.413.2.8 2004/10/24 17:42:08 scottl Exp $

machine i386
#cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident DIABLO

# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.

options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
#options INET6 # IPv6 communications protocols
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
#options MD_ROOT # MD is a potential root device
options NFSCLIENT # Network Filesystem Client
options NFSSERVER # Network Filesystem Server
#options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
                             # output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
                             # output. Adds ~215k to driver.
#options ADAPTIVE_GIANT # Giant mutex is adaptive.

# Firewall
options IPFIREWALL # Firewall (ipfw)
options IPFIREWALL_VERBOSE # Verbose errors
#options IPFIREWALL_FORWARD # Transparent forwarding
options IPDIVERT # For NATD
#options DUMMYNET # Traffic Shaping!

# IPsec
#options IPSEC
#options IPSEC_ESP

# To make an SMP kernel, the next two are needed
options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC

# Bus support. Do not remove isa, even if you have no isa slots
device isa
device eisa
device pci

# Floppy drives
device fdc

# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
#device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
#device atapifd # ATAPI floppy drives
#device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering

# SCSI Controllers
#device ahb # EISA AHA1742 family
#device ahc # AHA2940 and onboard AIC7xxx devices
#device ahd # AHA39320/29320 and onboard AIC79xx devices
#device amd # AMD 53C974 (Tekram DC-390(T))
#device isp # Qlogic family
#device mpt # LSI-Logic MPT-Fusion
#device ncr # NCR/Symbios Logic
device sym # NCR/Symbios Logic (newer chipsets + those of `ncr')
device trm # Tekram DC395U/UW/F DC315U adapters

#device adv # Advansys SCSI adapters
#device adw # Advansys wide SCSI adapters
#device aha # Adaptec 154x SCSI adapters
#device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
#device bt # Buslogic/Mylex MultiMaster SCSI adapters

#device ncv # NCR 53C500
#device nsp # Workbit Ninja SCSI-3
#device stg # TMC 18C30/18C50

# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
#device ch # SCSI media changers
device da # Direct Access (disks)
#device sa # Sequential Access (tape etc)
#device cd # CD
#device pass # Passthrough device (direct SCSI access)
#device ses # SCSI Environmental Services (and SAF-TE)

# RAID controllers interfaced to the SCSI subsystem
#device amr # AMI MegaRAID
#device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
#device ciss # Compaq Smart RAID 5*
#device dpt # DPT Smartcache III, IV - See NOTES for options
#device hptmv # Highpoint RocketRAID 182x
#device iir # Intel Integrated RAID
#device ips # IBM (Adaptec) ServeRAID
#device mly # Mylex AcceleRAID/eXtremeRAID
#device twa # 3ware 9000 series PATA/SATA RAID

# RAID controllers
#device aac # Adaptec FSA RAID
#device aacp # SCSI passthrough for aac (requires CAM)
#device ida # Compaq Smart RAID
#device mlx # Mylex DAC960 family
#device pst # Promise Supertrak SX6000
#device twe # 3ware ATA RAID

# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse

device vga # VGA video card driver

device splash # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device sc

# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor

device agp # support several AGP chipsets

# Floating point support - do not disable.
device npx

# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer

# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
#device cbb # cardbus (yenta) bridge
#device pccard # PC Card (16-bit) bus
#device cardbus # CardBus (32-bit) bus

# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports

# Parallel port
#device ppc
#device ppbus # Parallel port bus (required)
#device lpt # Printer
#device plip # TCP/IP over parallel
#device ppi # Parallel port interface device
#device vpo # Requires scbus and da

# If you've got a "dumb" serial or parallel PCI card that is
# supported by the puc(4) glue driver, uncomment the following
# line to enable it (connects to the sio and/or ppc drivers):
#device puc

# PCI Ethernet NICs.
#device de # DEC/Intel DC21x4x (``Tulip'')
#device em # Intel PRO/1000 adapter Gigabit Ethernet Card
#device ixgb # Intel PRO/10GbE Ethernet Card
#device txp # 3Com 3cR990 (``Typhoon'')
#device vx # 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
#device bfe # Broadcom BCM440x 10/100 Ethernet
#device bge # Broadcom BCM570xx Gigabit Ethernet
#device dc # DEC/Intel 21143 and various workalikes
#device fxp # Intel EtherExpress PRO/100B (82557, 82558)
#device lge # Level 1 LXT1001 gigabit ethernet
#device nge # NatSemi DP83820 gigabit ethernet
#device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
#device re # RealTek 8139C+/8169/8169S/8110S
device rl # RealTek 8129/8139
#device sf # Adaptec AIC-6915 (``Starfire'')
#device sis # Silicon Integrated Systems SiS 900/SiS 7016
#device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
#device ste # Sundance ST201 (D-Link DFE-550TX)
#device ti # Alteon Networks Tigon I/II gigabit Ethernet
#device tl # Texas Instruments ThunderLAN
#device tx # SMC EtherPower II (83c170 ``EPIC'')
#device vge # VIA VT612x gigabit ethernet
#device vr # VIA Rhine, Rhine II
#device wb # Winbond W89C840F
#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')

# ISA Ethernet NICs. pccard NICs included.
#device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
#device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
#device ex # Intel EtherExpress Pro/10 and Pro/10+
#device ep # Etherlink III based cards
#device fe # Fujitsu MB8696x based cards
#device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
#device lnc # NE2100, NE32-VL Lance Ethernet cards
#device sn # SMC's 9000 series of Ethernet chips
#device xe # Xircom pccard Ethernet

# ISA devices that use the old ISA shims
#device le

# Wireless NIC cards
#device wlan # 802.11 support
#device an # Aironet 4500/4800 802.11 wireless NICs.
#device awi # BayStack 660 and others
#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.

# Pseudo devices.
device loop # Network loopback
#device mem # Memory and kernel memory devices
#device io # I/O device
device random # Entropy device
device ether # Ethernet support
#device sl # Kernel SLIP
#device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
#device faith # IPv6-to-IPv4 relaying (translation)

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device bpf # Berkeley packet filter

# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device usb # USB Bus (required)
#device udbp # USB Double Bulk Pipe devices
device ugen # Generic
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
#device urio # Diamond Rio 500 MP3 player
#device uscanner # Scanners
# USB Ethernet, requires mii
#device aue # ADMtek USB Ethernet
#device axe # ASIX Electronics USB Ethernet
#device cue # CATC USB Ethernet
#device kue # Kawasaki LSI USB Ethernet
#device rue # RealTek RTL8150 USB Ethernet

# FireWire support
#device firewire # FireWire bus code
#device sbp # SCSI over FireWire (Requires scbus and da)
#device fwe # Ethernet over FireWire (non-standard!)
diablo:/usr/src/sys/i386/conf>

I simply commented out the lines that failed in 5.2 since they were for 5.3 (ie, device io, device mem, and options ADAPTIVE_GIANT)

*** Interfaces:

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        ether 00:00:21:f2:a5:47
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 144.136.223.204 netmask 0xfffffc00 broadcast 255.255.255.255
        ether 00:40:f4:90:1c:4b
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

*** Firewall:

diablo:/home/diskiller# more /etc/firewall.diablo
########################################################################
### FIREWALL ###########################################################
########################################################################
# external if = rl1
# internal if = rl0
# internal net = 10.0.0.0/24

# EVIL SHIT
add deny log tcp from any to any 137,138,139 via rl1
add deny log udp from any to any 137,138,139 via rl1

# Allow your loop back to work
add allow all from any to any via lo0

# DHCP
add allow udp from any to any 67,68

# Prevent spoofing of your loopback
add deny log all from any to 127.0.0.0/8
add deny log all from 127.0.0.0/8 to any

# Stop spoofing of your internal network range
add deny log ip from 10.0.0.0/24 to any in via rl1

# Stop spoofing from inside your private ip range
add deny log ip from not 10.0.0.0/24 to any in via rl0

# Something from the bigpond network, and NEEDS to be here before below
# rules block it. Its a heartbeat, among other things? *confusing*
add allow ip from 10.64.28.1 to any in via rl1

# Stop private networks (RFC1918) from entering the outside interface.
add deny log ip from 192.168.0.0/16 to any in via rl1
add deny log ip from 172.16.0.0/12 to any in via rl1
add deny log ip from 10.0.0.0/8 to any in via rl1
add deny log ip from any to 192.168.0.0/16 in via rl1
add deny log ip from any to 172.16.0.0/12 in via rl1
add deny log ip from any to 10.0.0.0/8 in via rl1

# NATD
add divert natd all from any to any via rl1

# UDP
add allow udp from any to any

# Allow IPsec connections flow freely
#add allow esp from any to any

# Allow VPN data to flow free via rl2 (where my VPN to matt is over wireless)
#add allow ipencap from any to any via rl2

# Allow existing tcp connections open from inside my lan to keep working
add allow tcp from any to any established

# Allow internal lan machines to open connections to the gw/Internet
add allow tcp from 10.0.0.0/24 to any setup # my lan
#add allow tcp from 10.0.2.0/24 to any setup # wireless lan (+ homer)
#add allow tcp from 10.0.4.0/24 to any setup # matt's lan

# Allow gw to open connections to the Internet (tcp/udp/etc)
add allow ip from 144.136.0.0/16 to any setup out via rl1

# Allow some ICMP's
add allow icmp from any to any icmptypes 3,4,11,12,8,0

# Diablo services - Incoming connections allowed
add allow tcp from any to any 21 in via rl1 setup
add allow tcp from any to any 22 in via rl1 setup
add allow tcp from any to any 25 in via rl1 setup
add allow tcp from any to any 53 in via rl1 setup
add allow tcp from any to any 80 in via rl1 setup
#add allow tcp from any to any 110 in via rl1 setup
#add allow tcp from any to any 143 in via rl1 setup
add allow tcp from any to any 993 in via rl1 setup
add allow tcp from any to any 995 in via rl1 setup
#add allow tcp from any to any 3389 in via rl1 setup # RD
#add allow tcp from any to any 6667 in via rl1 setup # IRC server
#add allow tcp from 144.136.0.0/16 to any 5901 in via rl1 setup # VNC on diablo
#add allow tcp from 203.194.94.0/24 to any 5901 in via rl1 setup # VNC on diablo
#add allow tcp from any to any 6881 # Bit Torrent
#add allow tcp from any to any 6882 # Bit Torrent
#add allow tcp from any to any 6883 # Bit Torrent
#add allow tcp from any to any 6884 # Bit Torrent
#add allow tcp from any to any 6112 # SC/BW

# UT2003/UT2004
add allow tcp from any to any 7777 in via rl1 setup
add allow tcp from any to any 7778 in via rl1 setup
add allow tcp from any to any 7787 in via rl1 setup
add allow tcp from any to any 7788 in via rl1 setup

# Politely and quickly rejects AUTH requests (IRC!! #*()_at_$_at_#$)
add reset tcp from any to any 113 in via rl1

# Make the default 'deny' rule log too.
add 65500 deny log ip from any to any
diablo:/home/diskiller#

I really hope someone can figure this one out...

Thanks,
Martin.

--
diskiller_at_diskiller.net | www.diskiller.net | irc.diskiller.net
(No trees were destroyed in the sending of this message. However, a large
number of electrons were significantly inconvenienced.)

Received on Fri Feb 11 2005 - 01:56:31 UTC