Found a reason to leave ipfwadm and 2.0.38 kernel

J.L.Francois jlf@magusnet.gilbert.az.us
Sun, 18 Jun 2000 19:36:00 -0700 

-----BEGIN PGP SIGNED MESSAGE-----

Just some notes on the last 2 days in the event any of you
still using 2.0.X kernels and related tools.

I am 80% completed on migrating the remainder of my
internal LAN to Debian on SPARC and keeping one i386
box for other uses.

I set up wget to pull in some files from ftp.us.debian.org
and ftp.openbsd.org so I could make some CDROMs for myself
and to sell and/or give away at the next PLUG meeting.

In the process I found that the code in ipfwadm for IP-MASQ
cannot handle the connections I needed for pulling in site data.
the wget download would cause kernel panics in the "swapper"
or the system would lock up with no errors in any logs.

I was able to verify the problem easily by starting up wget.
6 continuous hours of kernel builds and memory tests were
done to make sure it wasn't something else.

The MagusNet Public Proxy peaked at 100RPM after I stopped
wget and the load went up as high as 15.00 with no errors
or failuers.

I hadn't bothered to update the kernel on my firewall
from 2.0.38 since the majority of the connections I
handle both incoming and outgoing are handled via proxy
not IP-MASQ and I don't upgrade unless there is a
pressing need for it.

So, if you plan to have a high volume TCP/UDP gateway
with lots of transient IP address traffic, I would
suggest going straight to 2.2.16 and using ipfilter
if you plan on using NAT/IP-MASQ.
Although this is the PLUG list, any BSD is also an option.

I corrected the problem by using the environment variables:
http_proxy
ftp_proxy
with wget and using my internal proxy to get the data.

Jean Francois Sends...
President & CEO - MagusNet, Inc., MagusNet.com, MagusNet.Gilbert.AZ.US
Director Of Managed Services - OpNIX,Inc., www.opnix.com
OpNIX - Simply Better Bandwidth
602-770-JLF1 - Cellular, ICQ:  8137851


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.4.4 (GNU/Linux)
Comment: No Good Deed Goes Unpunished

iD8DBQE5TYb/Y39FeWGJ1u4RAtg+AJ9c5f1Z+FKFin1IKnklfkhX9R5HcQCdGSV4
a+GysUjDbXIkIWBS6h99Qc8=
=1X7q
-----END PGP SIGNATURE-----