I''m not sure what I have done to screw up my firewall/system but yesterday the strangest thing happened. Whenever I run shorewall my system slows to less than a crawl and becomes unusable. I actually had to turn off the power today as the system was hung solid. I am running the following configuration: The computer is a Compaq ML370 with 512 MB and Dual Zeon 933mHz CPUs and a Smart Array 4200 controller with 2 9.1 GB SCSI drives mirrored by the controller. RedHat Linux v7.3 with all of the latest updates using up2date. Linux Kernel kernel-2.4.18-18mppe.i586 PPTPD 1.1.2 patched for mppe Shorewall 1.3.13-1. Today I uninstalled Shorewall, reinstalled and reconfigured. The same problem persists. The strangest part is that up until yesterday it seemed to be working. Is there an obvious problem with a dependency or something that someone knows about that could cause this situation? Thanks, Niels
--On Sunday, February 09, 2003 4:47 PM -0600 "Damgaard, Niels" <ndamgaard@delcoautomation.com> wrote:> I''m not sure what I have done to screw up my firewall/system but > yesterday the strangest thing happened. Whenever I run shorewall my > system slows to less than a crawl and becomes unusable. I actually had > to turn off the power today as the system was hung solid. > > I am running the following configuration: > > The computer is a Compaq ML370 with 512 MB and Dual Zeon 933mHz CPUs and > a Smart Array 4200 controller with 2 9.1 GB SCSI drives mirrored by the > controller. > > RedHat Linux v7.3 with all of the latest updates using up2date. > > Linux Kernel kernel-2.4.18-18mppe.i586 > > PPTPD 1.1.2 patched for mppe > > Shorewall 1.3.13-1. Today I uninstalled Shorewall, reinstalled and > reconfigured. The same problem persists. > > The strangest part is that up until yesterday it seemed to be working. > > Is there an obvious problem with a dependency or something that someone > knows about that could cause this situation? > > Thanks, > > Niels > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users-- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
--On Sunday, February 09, 2003 4:47 PM -0600 "Damgaard, Niels" <ndamgaard@delcoautomation.com> wrote:> > The strangest part is that up until yesterday it seemed to be working.So what changes did you make yesterday?> > Is there an obvious problem with a dependency or something that someone > knows about that could cause this situation? >None that I know of. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
--On Sunday, February 09, 2003 5:11 PM -0600 Niels Damgaard <nielsd@shaw.ca> wrote:> > --On Sunday, February 09, 2003 4:47 PM -0600 "Damgaard, Niels" > <ndamgaard@delcoautomation.com> wrote: > >> >> The strangest part is that up until yesterday it seemed to be working. > > So what changes did you make yesterday? > > > I was making some minor adjustments to my Rules file. But I saved those > in another directory and reinstalled shorewall today and the problem > persists. Could some system files like whatever ip_tables, ipv6 uses be > corrupted causing this type of problem?What you "shorewall start", all you are doing is configuring Netfilter within your kernel. Once the "shorewall start" completes, there is no user-space iptables code running. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
It could be hardware based-problem, related to the nic''s. I had a network ingress issue a few weeks ago from 2 mis-configured switches, and the load of traffic that was generated on the wire made the linux box crawl, even if it wasn''t routing any traffic across any interfaces. We were using some 8139-based chipset nic''s and it was the source of the problem. Kris -----Original Message----- From: Damgaard, Niels [mailto:ndamgaard@delcoautomation.com] Sent: Sun 09/02/2003 5:47 PM To: shorewall-users@lists.shorewall.net Cc: Subject: [Shorewall-users] Slow Performance I''m not sure what I have done to screw up my firewall/system but yesterday the strangest thing happened. Whenever I run shorewall my system slows to less than a crawl and becomes unusable. I actually had to turn off the power today as the system was hung solid. I am running the following configuration: The computer is a Compaq ML370 with 512 MB and Dual Zeon 933mHz CPUs and a Smart Array 4200 controller with 2 9.1 GB SCSI drives mirrored by the controller. RedHat Linux v7.3 with all of the latest updates using up2date. Linux Kernel kernel-2.4.18-18mppe.i586 PPTPD 1.1.2 patched for mppe Shorewall 1.3.13-1. Today I uninstalled Shorewall, reinstalled and reconfigured. The same problem persists. The strangest part is that up until yesterday it seemed to be working. Is there an obvious problem with a dependency or something that someone knows about that could cause this situation? Thanks, Niels _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.shorewall.net http://lists.shorewall.net/mailman/listinfo/shorewall-users
Hi. Just butting in with possibly irrelevant questions... Have you tried running top to see what''s happening on the shorewall box? It''s grunty hardware for a firewall, I''d be surprised if is was shorewall slowing it up, sounds to me more like something else has gone awry. Michael * Tom Eastep <teastep@shorewall.net> [2003-02-10 10:52]:> > > --On Sunday, February 09, 2003 5:11 PM -0600 Niels Damgaard > <nielsd@shaw.ca> wrote: > > > > >--On Sunday, February 09, 2003 4:47 PM -0600 "Damgaard, Niels" > ><ndamgaard@delcoautomation.com> wrote: > > > >> > >>The strangest part is that up until yesterday it seemed to be working. > > > >So what changes did you make yesterday? > > > > > >I was making some minor adjustments to my Rules file. But I saved those > >in another directory and reinstalled shorewall today and the problem > >persists. Could some system files like whatever ip_tables, ipv6 uses be > >corrupted causing this type of problem? > > What you "shorewall start", all you are doing is configuring Netfilter > within your kernel. Once the "shorewall start" completes, there is no > user-space iptables code running. > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > Shoreline, \ http://www.shorewall.net > Washington USA \ teastep@shorewall.net > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users
make sure name resolving still works... that can cause the weirdest problems... /magnus "Damgaard, Niels" wrote:> > I''m not sure what I have done to screw up my firewall/system but > yesterday the strangest thing happened. Whenever I run shorewall my > system slows to less than a crawl and becomes unusable. I actually had > to turn off the power today as the system was hung solid. > > I am running the following configuration: > > The computer is a Compaq ML370 with 512 MB and Dual Zeon 933mHz CPUs and > a Smart Array 4200 controller with 2 9.1 GB SCSI drives mirrored by the > controller. > > RedHat Linux v7.3 with all of the latest updates using up2date. > > Linux Kernel kernel-2.4.18-18mppe.i586 > > PPTPD 1.1.2 patched for mppe > > Shorewall 1.3.13-1. Today I uninstalled Shorewall, reinstalled and > reconfigured. The same problem persists. > > The strangest part is that up until yesterday it seemed to be working. > > Is there an obvious problem with a dependency or something that someone > knows about that could cause this situation? > > Thanks, > > Niels > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users