a very strange netstat output and problem when using transparent proxy
Marat N.Afanasyev
amarat at ksu.ru
Tue Nov 7 16:39:10 UTC 2006
Oliver Fromme wrote:
> Marat N.Afanasyev <amarat at ksu.ru> wrote:
> > I've encountered a very strange situation about two hours ago. I use
> > squid as transparent proxy and forward all the packets from port 80 to
> > port 8000. Problem is, first of all, I have a lot of ierrs on interface
> > when looking to interface stats using netstat.
>
> What kind of interface is that? Excerpt from dmesg,
> ifconfig and netstat -i might be useful.
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet6 fe80::250:45ff:fe5f:4f78%bge0 prefixlen 64 scopeid 0x1
inet xx.xx.xx.xx netmask 0xffffffc0 broadcast xx.xx.xx.xx
ether 00:50:45:5f:4f:78
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
bge0   1500 <Link#1>      00:50:45:5f:4f:78  2341018   799  3062828     0     0
% uptime
7:34PM up 40 mins, 3 users, load averages: 0.14, 0.16, 0.08
Hardware is clean. Each of my boxes with a Broadcom 5704 has the same
problem. Patch cords are no longer than 4 feet, plugged into a Catalyst
2960 directly, without patch panels.
> In general, errors on the interface usually indicate a
> hardware error (NIC, cables, port). However, it might
> also be a driver bug.
>
> > The second problem is far
> > more serious: after a short period of time I have a completely frozen
> > system that can only send data, but very rarely receive and generates a
> > huge amount of ierrs on interface.
> >
> > ipfw rules are as follows:
> >
> > 00001 allow ip from any to any via lo0
> > 00002 deny ip from any to 127.0.0.0/8
> > 00003 deny ip from 127.0.0.0/8 to any
> > 00010 fwd xx.xx.xx.xx,8000 tcp from any to me dst-port 80
> > 65535 allow ip from any to any
> >
> > problem with ierrs disappears after I delete rule with forward, but I
> > need this rule :(
>
> In that rule, is "xx.xx.xx.xx" an IP address configured
> on your NIC, or is it 127.0.0.1? If the former, try to
> replace it with 127.0.0.1 and check if that improves the
> situation.
Real IP address. I've already switched forward off and made squid listen
on 80 instead. Problem persists.
>
> However, the FWD line should not cause ierrs on the NIC.
> If you're sure that your hardware is good, then there's
> probably a bug somewhere.
>
> Best regards
> Oliver
>
I can say that I was finally wrong. The problem is caused not by ipfw, as I
thought, but rather by the Broadcom 5704-based NIC. This NIC somehow drops
Ethernet frames. I'm still wondering why.
--
SY, Marat
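The thread's diagnosis hinges on whether Ierrs keep climbing while the ipfw fwd rule is loaded and stop when it is removed. The script below is an added example, not code from the thread or from FreeBSD; it diffs the Ipkts/Ierrs counters between two `netstat -i` snapshots so the error rate can be tied to a time window. The snapshots embedded here are constructed sample text in the FreeBSD `netstat -i` layout (the bge0 counters in the first one are the figures quoted above; the 192.0.2.x addresses and the second snapshot are made up).

```sh
#!/bin/sh
# Added example, not from the thread: diff the Ipkts/Ierrs counters of two
# `netstat -i` snapshots so input errors can be tied to a time window
# (e.g. with the ipfw fwd rule loaded vs. removed). Assumes the FreeBSD
# `netstat -i` layout: Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll.

# ierr_delta BEFORE AFTER
# Prints one line per interface present in both snapshots:
#   <ifname> ipkts=<delta> ierrs=<delta> ierr_pct=<input errors per 100 input packets>
# Only the <Link#N> row of an interface carries the counters; the per-protocol
# rows (inet/inet6) show "-" there and are skipped. Counters are read from the
# end of the line because lo0's link row has no Address column, which would
# shift fixed field positions.
ierr_delta() {
    { printf '%s\n' "$1"; printf '=SNAPSHOT=\n'; printf '%s\n' "$2"; } |
    awk '
        /^=SNAPSHOT=$/ { second = 1; next }
        $3 ~ /^<Link#/ {
            ipkts = $(NF-4); ierrs = $(NF-3)
            if (!second) { ip0[$1] = ipkts; ie0[$1] = ierrs; next }
            if (!($1 in ip0)) next
            dp = ipkts - ip0[$1]; de = ierrs - ie0[$1]
            pct = (dp > 0) ? de * 100 / dp : 0
            printf "%s ipkts=%d ierrs=%d ierr_pct=%.2f\n", $1, dp, de, pct
        }'
}

# Constructed sample snapshots (hypothetical addresses; bge0 counters in the
# first snapshot are the ones from the post, the second is invented).
SNAP_BEFORE='Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
bge0   1500 <Link#1>      00:50:45:5f:4f:78  2341018   799  3062828     0     0
bge0   1500 fe80:1::250:4 fe80:1::250:45ff:f       0     -        3     -     -
bge0   1500 192.0.2.0/26  192.0.2.10         2340001     -  3062800     -     -
lo0   16384 <Link#2>                            1200     0     1200     0     0'

SNAP_AFTER='Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
bge0   1500 <Link#1>      00:50:45:5f:4f:78  2401018  1599  3122828     0     0
bge0   1500 fe80:1::250:4 fe80:1::250:45ff:f       0     -        3     -     -
bge0   1500 192.0.2.0/26  192.0.2.10         2400001     -  3122800     -     -
lo0   16384 <Link#2>                            1260     0     1260     0     0'

ierr_delta "$SNAP_BEFORE" "$SNAP_AFTER"
```

On a live box, replace the sample text with `SNAP_BEFORE=$(netstat -i)`, wait a fixed interval, take `SNAP_AFTER=$(netstat -i)`, and repeat the measurement once with rule 00010 loaded and once after `ipfw delete 00010`; a comparable ierr_pct in both runs points at the NIC or link rather than at the forward rule, which is where this thread ended up.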