strange packets

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

strange packets

mediomen27
Hi, I have a new openbsd firewall but I have one strange problem... it is
really slow for surfing internet.
I have discovered that if I use squid as proxy (installed on the firewall)
the internet speed is ok. If I don't use squid the browsing is very very
slow... also if I ping google from a client I loose 25% of packets... if I
ping google from the fw I dont lose any packets. Using tcpdump on the
egress IF I see that the packets from the lan client go out but I don't
receive any reply... I mean the 25% of packets..
My lan has 150 users... and the firewall is a cluster with 2 nodes and 2 GB
ram each..
it worked fine from the born.. about 2 or 3 weeks ago.
I changed the pf.conf with an old one ... for old I mean 10 days ago... but
nothing was changed.
Any help ?

Reply | Threaded
Open this post in threaded view
|

Re: strange packets

Mihai Popescu-3
> Any help ?

Yes. Look here: http://www.openbsd.org/support.html
For the sake of those 150 users ...

Reply | Threaded
Open this post in threaded view
|

Re: strange packets

Sterling Archer
In reply to this post by mediomen27
On Tue, Mar 7, 2017 at 4:50 PM, Frank White <[hidden email]> wrote:

> Hi, I have a new openbsd firewall but I have one strange problem... it is
> really slow for surfing internet.
> I have discovered that if I use squid as proxy (installed on the firewall)
> the internet speed is ok. If I don't use squid the browsing is very very
> slow... also if I ping google from a client I loose 25% of packets... if I
> ping google from the fw I dont lose any packets. Using tcpdump on the
> egress IF I see that the packets from the lan client go out but I don't
> receive any reply... I mean the 25% of packets..
> My lan has 150 users... and the firewall is a cluster with 2 nodes and 2 GB
> ram each..
> it worked fine from the born.. about 2 or 3 weeks ago.
> I changed the pf.conf with an old one ... for old I mean 10 days ago... but
> nothing was changed.
> Any help ?
>
>
Can't really help when you don't tell us anything relevant about your setup.
Maybe you should post the contents of relevant configuration files?
pf.conf, hostname.if files, etc.