[FUG-BR] RE: PFSense - After approximately 30 minutes, internet traffic is blocked

Renato Frederick frederick at dahype.org
Thu May 28 07:26:05 BRT 2009


I may be talking nonsense, but couldn't it be the "State table size" option?

We used to see this here, and it was because this limit was being exceeded quickly, mainly by clients with viruses. But that applies if you use PF; if you use IPFW I don't know how it works, and in fact I don't even know whether the newer versions already accept IPFW by default.

Are you using 1.2.3 RC1? It already comes with BSD 7.1, but I haven't felt like upgrading yet; I'm waiting for it to leave RC.

Regards

> -----Original message-----
> From: freebsd-bounces at fug.com.br [mailto:freebsd-bounces at fug.com.br] On
> behalf of Carlos Anderson Jardim
> Sent: Thursday, May 28, 2009 00:23
> To: Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)
> Subject: Re: [FUG-BR] PFSense - After approximately 30 minutes, internet
> traffic is blocked
>
> Hello Rudnei,
>
> I believe your problem must be the Penalty Box.
>
> If you ran the pfSense wizard to generate the rules, run the wizard again
> without selecting: Penalize IP or Alias
> This will lower the priority of traffic from this IP or alias.
>
> That really does leave certain machines with their access more than
> limited.
>
> Best regards.
>
> Carlos Jardim
>
>
> ----- Original Message -----
> From: "Rudinei Dias" <rudinei.dias at gmail.com>
> To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
> <freebsd at fug.com.br>
> Sent: Wednesday, May 27, 2009 2:21 PM
> Subject: [FUG-BR] PFSense - After approximately 30 minutes, internet
> traffic is blocked
>
>
> Folks,
> I am turning to this list after trying the pfSense forum and Google.
>
> I installed a pfSense box to test traffic shaping on the network of
> my computer lab.
> I enable traffic shaping and everything works fine. However, after
> about 30 minutes, internet traffic stops.
> This happens every time my traffic is high.
> When I release the traffic shaping, sometimes it frees up, sometimes it does not.
> Obviously this is a test machine, so its hardware is modest,
> but still far above the minimum required.
>
> I have no idea where to look for the problem; there is no shortage of
> disk space, nor in the log area. top did not go above 30% CPU
> load.
>
> Transparent proxy is enabled on this pfSense.
>
> What else can I check?
>
> Thanks in advance.
>
> Below I transcribe my dmesg and the syslog.
> dmesg
> Copyright (c) 1992-2008 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993,
> 1994
>         The Regents of the University of California. All rights
> reserved.
> FreeBSD is a registered trademark of The FreeBSD Foundation.
> FreeBSD 7.0-RELEASE-p8 #0: Thu Jan  8 22:07:30 EST 2009
>     sullrich em freebsd7-releng_1_2_1.pfsense.org:/usr/obj.pfSense/usr/src/sys/pfSense.7
> Timecounter "i8254" frequency 1193182 Hz quality 0
> CPU: AMD Duron(tm) Processor (946.65-MHz 686-class CPU)
>   Origin = "AuthenticAMD"  Id = 0x631  Stepping = 1
>   Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
>   AMD Features=0xc0440800<SYSCALL,<b18>,MMX+,3DNow!+,3DNow!>
> real memory  = 520093696 (496 MB)
> avail memory = 494710784 (471 MB)
> wlan: mac acl policy registered
> ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413,
> RF5413)
> hptrr: HPT RocketRAID controller driver v1.1 (Jan  8 2009 22:07:11)
> cryptosoft0: <software crypto> on motherboard
> cpu0 on motherboard
> pcib0: <Host to PCI bridge> pcibus 0 on motherboard
> pir0: <PCI Interrupt Routing Table: 4 Entries> on motherboard
> pci0: <PCI bus> on pcib0
> agp0: <SiS 730 host to AGP bridge> on hostb0
> atapci0: <SiS 730 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xff00-0xff0f at device 0.1 on pci0
> ata0: <ATA channel 0> on atapci0
> ata0: [ITHREAD]
> ata1: <ATA channel 1> on atapci0
> ata1: [ITHREAD]
> isab0: <PCI-ISA bridge> at device 1.0 on pci0
> isa0: <ISA bus> on isab0
> sis0: <SiS 900 10/100BaseTX> port 0xd400-0xd4ff mem 0xcfff7000-0xcfff7fff irq 3 at device 1.1 on pci0
> miibus0: <MII bus> on sis0
> rlphy0: <RTL8201L 10/100 media interface> PHY 0 on miibus0
> rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> sis0: Ethernet address: 00:e0:06:f7:a2:51
> sis0: [ITHREAD]
> ohci0: <SiS 5571 USB controller> mem 0xcfffc000-0xcfffcfff irq 5 at device 1.2 on pci0
> ohci0: [GIANT-LOCKED]
> ohci0: [ITHREAD]
> usb0: OHCI version 1.0, legacy support
> usb0: <SiS 5571 USB controller> on ohci0
> usb0: USB revision 1.0
> uhub0: <SiS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
> uhub0: 3 ports with 3 removable, self powered
> ohci1: <SiS 5571 USB controller> mem 0xcfffd000-0xcfffdfff irq 5 at device 1.3 on pci0
> ohci1: [GIANT-LOCKED]
> ohci1: [ITHREAD]
> usb1: OHCI version 1.0, legacy support
> usb1: <SiS 5571 USB controller> on ohci1
> usb1: USB revision 1.0
> uhub1: <SiS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
> uhub1: 3 ports with 3 removable, self powered
> pci0: <multimedia, audio> at device 1.4 (no driver attached)
> pcib1: <PCI-PCI bridge> at device 2.0 on pci0
> pci1: <PCI bus> on pcib1
> vgapci0: <VGA-compatible display> port 0xac00-0xac7f mem 0xc0000000-0xc7ffffff,0xcfee0000-0xcfefffff at device 0.0 on pci1
> dc0: <Davicom DM9102A 10/100BaseTX> port 0xd000-0xd0ff mem 0xcfff6f00-0xcfff6fff irq 11 at device 9.0 on pci0
> miibus1: <MII bus> on dc0
> amphy0: <DM9102 10/100 media interface> PHY 1 on miibus1
> amphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> dc0: Ethernet address: 00:80:ad:71:65:db
> dc0: [ITHREAD]
> rl0: <RealTek 8139 10/100BaseTX> port 0xcc00-0xccff mem 0xcfff6e00-0xcfff6eff irq 3 at device 11.0 on pci0
> miibus2: <MII bus> on rl0
> rlphy1: <RealTek internal media interface> PHY 0 on miibus2
> rlphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> rl0: Ethernet address: 00:e0:7d:cd:51:5c
> rl0: [ITHREAD]
> pmtimer0 on isa0
> orm0: <ISA Option ROMs> at iomem 0xc0000-0xcbfff,0xcc000-0xd3fff pnpid ORM0000 on isa0
> atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
> atkbd0: <AT Keyboard> irq 1 on atkbdc0
> kbd0 at atkbd0
> atkbd0: [GIANT-LOCKED]
> atkbd0: [ITHREAD]
> psm0: <PS/2 Mouse> irq 12 on atkbdc0
> psm0: [GIANT-LOCKED]
> psm0: [ITHREAD]
> psm0: model IntelliMouse Explorer, device ID 4
> fdc0: <Enhanced floppy controller> at port 0x3f0-0x3f5,0x3f7 irq 6 drq
> 2 on
> isa0
> fdc0: [FILTER]
> ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
> ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
> ppbus0: <Parallel port bus> on ppc0
> ppbus0: [ITHREAD]
> plip0: <PLIP network interface> on ppbus0
> lpt0: <Printer> on ppbus0
> lpt0: Interrupt-driven port
> ppi0: <Parallel I/O> on ppbus0
> ppc0: [GIANT-LOCKED]
> ppc0: [ITHREAD]
> sc0: <System console> at flags 0x100 on isa0
> sc0: VGA <16 virtual consoles, flags=0x300>
> sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
> sio0: type 16550A
> sio0: [FILTER]
> sio1: configured irq 3 not in bitmap of probed irqs 0
> sio1: port may not be enabled
> vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on
> isa0
> unknown: <PNP0c01> can't assign resources (memory)
> unknown: <PNP0303> can't assign resources (port)
> speaker0: <PC speaker> at port 0x61 pnpid PNP0800 on isa0
> unknown: <PNP0501> can't assign resources (port)
> unknown: <PNP0400> can't assign resources (port)
> unknown: <PNP0700> can't assign resources (port)
> unknown: <PNP0f13> can't assign resources (irq)
> Timecounter "TSC" frequency 946650405 Hz quality 800
> Timecounters tick every 1.000 msec
> Fast IPsec: Initialized Security Association Processing.
> hptrr: no controller detected.
> ad0: 19470MB <MAXTOR 4K020H1 A08.1500> at ata0-master PIO4
> acd0: CDROM <ATAPI-CD ROM-DRIVE-56MAX/Ver 56CD> at ata1-master PIO4
> Trying to mount root from ufs:/dev/ad0s1a
> dc0: link state changed to UP
> bridge0: Ethernet address: e2:20:2d:e0:a6:f5
> dc0: promiscuous mode enabled
> sis0: promiscuous mode enabled
> sis0: link state changed to UP
> rl0: link state changed to DOWN
> pflog0: promiscuous mode enabled
> dc0: link state changed to DOWN
> dc0: link state changed to UP
>
>
>
> system.log
> ------------------------
>
> May 26 20:13:01 fwlab kernel: atkbdc0: <Keyboard controller (i8042)>
> at port 0x60,0x64 on isa0
> May 26 20:13:01 fwlab kernel: atkbd0: <AT Keyboard> irq 1 on atkbdc0
> May 26 20:13:01 fwlab kernel: kbd0 at atkbd0
> May 26 20:13:01 fwlab kernel: atkbd0: [GIANT-LOCKED]
> May 26 20:13:01 fwlab kernel: atkbd0: [ITHREAD]
> May 26 20:13:01 fwlab kernel: psm0: <PS/2 Mouse> irq 12 on atkbdc0
> May 26 20:13:01 fwlab kernel: psm0: [GIANT-LOCKED]
> May 26 20:13:01 fwlab kernel: psm0: [ITHREAD]
> May 26 20:13:01 fwlab kernel: psm0: model IntelliMouse Explorer, device
> ID 4
> May 26 20:13:01 fwlab kernel: fdc0: <Enhanced floppy controller> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
> May 26 20:13:01 fwlab kernel: fdc0: [FILTER]
> May 26 20:13:01 fwlab kernel: ppc0: <Parallel port> at port
> 0x378-0x37f irq 7 on isa0
> May 26 20:13:01 fwlab kernel: ppc0: Generic chipset (NIBBLE-only) in
> COMPATIBLE mode
> May 26 20:13:01 fwlab kernel: ppbus0: <Parallel port bus> on ppc0
> May 26 20:13:01 fwlab kernel: ppbus0: [ITHREAD]
> May 26 20:13:01 fwlab kernel: plip0: <PLIP network interface> on ppbus0
> May 26 20:13:01 fwlab kernel: lpt0: <Printer> on ppbus0
> May 26 20:13:01 fwlab kernel: lpt0: Interrupt-driven port
> May 26 20:13:01 fwlab kernel: ppi0: <Parallel I/O> on ppbus0
> May 26 20:13:01 fwlab kernel: ppc0: [GIANT-LOCKED]
> May 26 20:13:01 fwlab kernel: ppc0: [ITHREAD]
> May 26 20:13:01 fwlab kernel: sc0: <System console> at flags 0x100 on
> isa0
> May 26 20:13:01 fwlab kernel: sc0: VGA <16 virtual consoles,
> flags=0x300>
> May 26 20:13:01 fwlab kernel: sio0 at port 0x3f8-0x3ff irq 4 flags 0x10
> on
> isa0
> May 26 20:13:01 fwlab kernel: sio0: type 16550A
> May 26 20:13:01 fwlab kernel: sio0: [FILTER]
> May 26 20:13:01 fwlab kernel: sio1: configured irq 3 not in bitmap of
> probed irqs 0
> May 26 20:13:01 fwlab kernel: sio1: port may not be enabled
> May 26 20:13:01 fwlab kernel: vga0: <Generic ISA VGA> at port
> 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
> May 26 20:13:01 fwlab kernel: unknown: <PNP0c01> can't assign resources
> (memory)
> May 26 20:13:01 fwlab kernel: unknown: <PNP0303> can't assign resources
> (port)
> May 26 20:13:01 fwlab kernel: speaker0: <PC speaker> at port 0x61
> pnpid PNP0800 on isa0
> May 26 20:13:01 fwlab kernel: unknown: <PNP0501> can't assign resources
> (port)
> May 26 20:13:01 fwlab kernel: unknown: <PNP0400> can't assign resources
> (port)
> May 26 20:13:01 fwlab kernel: unknown: <PNP0700> can't assign resources
> (port)
> May 26 20:13:01 fwlab kernel: unknown: <PNP0f13> can't assign resources
> (irq)
> May 26 20:13:01 fwlab kernel: Timecounter "TSC" frequency 946650405 Hz
> quality 800
> May 26 20:13:01 fwlab kernel: Timecounters tick every 1.000 msec
> May 26 20:13:01 fwlab kernel: Fast IPsec: Initialized Security
> Association Processing.
> May 26 20:13:01 fwlab kernel: hptrr: no controller detected.
> May 26 20:13:01 fwlab kernel: ad0: 19470MB <MAXTOR 4K020H1 A08.1500>
> at ata0-master PIO4
> May 26 20:13:01 fwlab kernel: acd0: CDROM <ATAPI-CD
> ROM-DRIVE-56MAX/Ver 56CD> at ata1-master PIO4
> May 26 20:13:01 fwlab kernel: Trying to mount root from ufs:/dev/ad0s1a
> May 26 20:13:01 fwlab kernel: dc0: link state changed to UP
> May 26 20:13:01 fwlab php: : foreach if is lan
> May 26 20:13:01 fwlab php: : foreach if is wan
> May 26 20:13:01 fwlab kernel: bridge0: Ethernet address:
> e2:20:2d:e0:a6:f5
> May 26 20:13:01 fwlab php: : An error occurred while trying to obtain
> the MTU setting for dc0.  Using 1500.
> May 26 20:13:01 fwlab php: : An error occurred while trying to obtain
> the MTU setting for sis0.  Using 1500.
> May 26 20:13:02 fwlab kernel: dc0: promiscuous mode enabled
> May 26 20:13:02 fwlab kernel: sis0: promiscuous mode enabled
> May 26 20:13:02 fwlab kernel: sis0: link state changed to UP
> May 26 20:13:02 fwlab kernel: rl0: link state changed to DOWN
> May 26 20:13:03 fwlab kernel: pflog0: promiscuous mode enabled
> May 26 20:13:03 fwlab php: : SQUID is installed but not started.  Not
> installing redirect rules.
> May 26 20:13:03 fwlab php: : SQUID is installed but not started.  Not
> installing redirect rules.
> May 26 20:13:03 fwlab pftpx[369]: listening on 127.0.0.1 port 8021
> May 26 20:13:03 fwlab pftpx[369]: listening on 127.0.0.1 port 8021
> May 26 20:13:09 fwlab php: : NOTE: DHCP Server on LAN is enabled.
> May 26 20:13:09 fwlab dhcpd: Internet Systems Consortium DHCP Server
> V3.0.5
> May 26 20:13:09 fwlab dhcpd: Copyright 2004-2006 Internet Systems
> Consortium.
> May 26 20:13:09 fwlab dhcpd: All rights reserved.
> May 26 20:13:09 fwlab dhcpd: For info, please visit
> http://www.isc.org/sw/dhcp/
> May 26 20:13:09 fwlab dnsmasq[472]: started, version 2.45 cachesize 150
> May 26 20:13:09 fwlab dnsmasq[472]: compile time options: IPv6 GNU-getopt BSD-bridge ISC-leasefile no-DBus no-I18N TFTP
> May 26 20:13:09 fwlab dnsmasq[472]: reading /etc/resolv.conf
> May 26 20:13:09 fwlab dnsmasq[472]: using nameserver 200.199.201.23#53
> May 26 20:13:09 fwlab dnsmasq[472]: using nameserver 200.199.252.68#53
> May 26 20:13:09 fwlab dnsmasq[472]: read /etc/hosts - 2 addresses
> May 26 20:13:12 fwlab php: : SQUID is installed but not started.  Not
> installing redirect rules.
> May 26 20:13:12 fwlab php: : SQUID is installed but not started.  Not
> installing redirect rules.
> May 26 20:13:13 fwlab php: : Creating rrd update script
> May 26 20:13:14 fwlab php: : NOTE: DHCP Server on LAN is enabled.
> May 26 20:13:14 fwlab dhcpd: Internet Systems Consortium DHCP Server
> V3.0.5
> May 26 20:13:14 fwlab dhcpd: Copyright 2004-2006 Internet Systems
> Consortium.
> May 26 20:13:14 fwlab dhcpd: All rights reserved.
> May 26 20:13:14 fwlab dhcpd: For info, please visit
> http://www.isc.org/sw/dhcp/
> May 26 20:13:15 fwlab php: : Resyncing configuration for all packages.
> May 26 20:13:11 fwlab php: : Reloading Squid for configuration sync
> May 26 20:13:12 fwlab last message repeated 6 times
> May 26 20:13:12 fwlab php: : The Backup package is missing required
> dependencies and must be reinstalled.
> May 26 20:13:12 fwlab php: : The Backup package is missing required
> dependencies and must be reinstalled.
> May 26 20:13:13 fwlab php: : The Cron package is missing required
> dependencies and must be reinstalled.
> May 26 20:13:13 fwlab php: : The Cron package is missing required
> dependencies and must be reinstalled.
> May 26 20:13:13 fwlab squid[879]: Squid Parent: child process 881
> started
> May 26 20:13:14 fwlab check_reload_status: check_reload_status is
> starting
> May 26 20:13:16 fwlab login: login on ttyv0 as root
> May 26 20:13:16 fwlab sshlockout[948]: sshlockout starting up
> May 26 20:13:16 fwlab sshlockout[948]: sshlockout starting up
> May 26 20:13:18 fwlab Squid_Alarm[961]: Squid has exited.
> Reconfiguring
> filter.
> May 26 20:13:18 fwlab Squid_Alarm[963]: Attempting restart...
> May 26 20:13:18 fwlab squid[970]: Squid Parent: child process 973
> started
> May 26 20:13:21 fwlab Squid_Alarm[1027]: Reconfiguring filter...
> May 26 20:13:23 fwlab Squid_Alarm[1110]: Squid has resumed.
> Reconfiguring filter.
> May 26 20:15:15 fwlab php: /ifstats.php: [DEBUG] Lock recursion
> detected.
> May 26 20:15:19 fwlab php: /sajax/index.sajax.php: [DEBUG] Lock
> recursion detected.
> May 26 20:15:28 fwlab php: /pkg_edit.php: Reloading Squid for
> configuration
> sync
> May 26 20:15:30 fwlab check_reload_status: reloading filter
> May 26 20:20:57 fwlab check_reload_status: reloading filter
> May 26 20:33:41 fwlab kernel: dc0: link state changed to DOWN
> May 26 20:34:26 fwlab kernel: dc0: link state changed to UP
> May 26 20:34:30 fwlab check_reload_status: rc.linkup starting
> May 26 21:13:18 fwlab php: : New alert found: pfSense has started creating your SSH keys.  SSH Startup will be delayed.  Please note that reloading the filter rules and changes will be delayed until this operation is completed.
> May 26 21:13:22 fwlab php: : New alert found: pfSense has completed creating your SSH keys.  SSH is now started.
> May 26 21:13:23 fwlab sshd[19360]: Server listening on :: port 22.
> May 26 21:13:23 fwlab sshd[19360]: Server listening on 0.0.0.0 port 22.
> May 26 21:38:34 fwlab sshd[26133]: Invalid user rudinei from 20.1.0.50
> May 26 21:38:34 fwlab sshd[26133]: Failed none for invalid user
> rudinei from 20.1.0.50 port 4077 ssh2
> May 26 21:38:37 fwlab sshd[26133]: error: PAM: authentication error
> for illegal user rudinei from 20.1.0.50
> May 26 21:38:37 fwlab sshd[26133]: error: PAM: authentication error
> for illegal user rudinei from 20.1.0.50
> May 26 21:38:37 fwlab sshd[26133]: Failed keyboard-interactive/pam for invalid user rudinei from 20.1.0.50 port 4077 ssh2
> May 26 21:38:44 fwlab sshd[26133]: error: PAM: authentication error for illegal user rudinei from 20.1.0.50
> May 26 21:38:44 fwlab sshd[26133]: Failed keyboard-interactive/pam for invalid user rudinei from 20.1.0.50 port 4077 ssh2
> May 26 21:38:54 fwlab sshd[26198]: Accepted keyboard-interactive/pam
> for root from 20.1.0.50 port 4078 ssh2
> May 26 21:38:44 fwlab sshd[26133]: error: PAM: authentication error
> for illegal user rudinei from 20.1.0.50
>
>
> -------------------------------------------------------------
> Rudinei Dias
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
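
The reply at the top of this message suspects the pf "State table size" limit being exhausted by infected clients. The script below is an added example, not part of the original thread: it reads `pfctl -si`, `pfctl -sm` and `pfctl -ss` output to show how full the state table is and which hosts hold the most states. The function names are hypothetical, the sample outputs are constructed, and the parenthesised NAT layout handled in `top_sources` is an assumption about newer pfctl versions.

```sh
# Added example (not from the thread). On a live pf firewall, feed real data:
#   pfctl -si | current_states; pfctl -sm | state_limit; pfctl -ss | top_sources 5
# Function names are hypothetical; the sample outputs below are constructed
# and use private and documentation address ranges.

SAMPLE_SI='Status: Enabled for 0 days 00:31:07           Debug: Urgent

State Table                          Total             Rate
  current entries                     9874
  searches                         2841190         1521.8/s
  inserts                           118422           63.4/s
  removals                          108548           58.1/s'

SAMPLE_SM='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

SAMPLE_SS='all tcp 192.168.1.23:1041 -> 203.0.113.9:25       SYN_SENT:CLOSED
all tcp 192.168.1.23:1042 -> 203.0.113.77:25       SYN_SENT:CLOSED
all tcp 192.168.1.23:1043 -> 198.51.100.4:25       SYN_SENT:CLOSED
all tcp 192.168.1.10:51234 -> 198.51.100.80:80       ESTABLISHED:ESTABLISHED
all udp 198.51.100.53:53 <- 192.168.1.10:1030       MULTIPLE:SINGLE'

# States currently in the table (from `pfctl -si`).
current_states() { awk '/current entries/ { print $3 }'; }

# Configured maximum, the "State table size" setting (from `pfctl -sm`).
state_limit() { awk '$1 == "states" && $2 == "hard" { print $4 }'; }

# Integer percentage of the table in use: usage_pct CURRENT LIMIT
usage_pct() { echo $(( $1 * 100 / $2 )); }

# States per originating host, busiest first: top_sources N (from `pfctl -ss`).
# With "->" the originator is left of the arrow; with "<-" it is on the right.
top_sources() {
    awk '{
        for (i = 2; i < NF; i++) {
            if ($i == "->") src = $(i - 1)
            else if ($i == "<-") src = $(i + 1)
            else continue
            gsub(/[()]/, "", src)      # assumed NAT form: pre-NAT host in ()
            sub(/:[0-9]+$/, "", src)   # drop the port
            n[src]++
            break
        }
    } END { for (h in n) print n[h], h }' | sort -rn | head -n "${1:-5}"
}

report() {
    cur=$(printf '%s\n' "$SAMPLE_SI" | current_states)
    max=$(printf '%s\n' "$SAMPLE_SM" | state_limit)
    echo "states: $cur of $max ($(usage_pct "$cur" "$max")%)"
    printf '%s\n' "$SAMPLE_SS" | top_sources 3
}
report
```

A table close to its limit with one internal host holding most of the half-open states fits the infected-client pattern described in the reply.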

