[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF and stalled connections

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: PF and stalled connections
From: Olaf Schreck <chakl_(_at_)_syscall_(_dot_)_de>
Date: Mon, 30 Dec 2002 22:18:38 +0100

> All type of sessions - I first picked it up when one the users was playing 
> counterstrike online and complained of periodic pauses. I ignored him of 
> course, until I noticed the same problem when I was ssh'ing to an external 
> host. And it's also evident with pop and http.

Hmm, reminds me of an incident with 2.9 and pf's predecessor..  Have you 
checked how many connections/states actually go through the firewall? 

We saw the very same symptoms, flaky ssh, users complaining about failed 
http/pop, 15-30% packet loss on the external interface.  There were ~1000 
active states from and to the counterstrike port range, stuffing the pipe 
and resulting in dropped packets.  [you already guess, a /29 netblock 
allocated to a teenager, and pass all rules as requested by customer 
policy :]

Some game geek said it didn't look like normal game traffic, so we 
suspected file sharing stuff masquerading over counterstrike ports.  
Customer shut down the offending systems, flush states on the firewall, 
back to normal operation..


ciao,
chakl

Follow-Ups:
- Re: PF and stalled connections
  - From: David S.

References:
- Re: PF and stalled connections
  - From: Dom De Vitto

Prev by Date: Re: win2000 and openbsd
Next by Date: lazy man's "pkg_delete" (terrible script - help!)
Previous by thread: Re: PF and stalled connections
Next by thread: Re: PF and stalled connections
Index(es):
- Date
- Thread

Visit your host, monkey.org