Crawling web GUI when internet line saturated or state table almost full



  • just noticed another issue.

    i got a 1mbps downlink with 256kbps uplink on WAN, traffic shaper etc all configured fine and falling into proper queues. i just started a torrent download on my local PC and when it was downloading and uploading at max speed, i tried opening the web gui and noticed the firewall would drop the connection multiple times and the times it worked, it would take almost 2mins to navigate to different pages on the web gui. with 1.2.3 it used to work normal as my PC is connected to the firewall using a 100mbps link so opening up the firewall page shouldnt go this slow, i tried serial console and that also seems to have started crawling till the torrent download is running, as soon as i stop torrents and all state tables slowly start clearing, it comes to normal but not like before, feels like the CPU is stuck doing something but its not 100% usage. finally a reboot gets everything to normal.

    im running nanobsd on alix



  • further investigation shows state tables with almost 1000 such entries

    192.168.0.11 is local pc ip
    28183 is utorrent port being used on it and forwarded to that ip
    28184 is utorrent port being forwarded to ip 192.168.0.14 but that PC is off

    entries in state table
    tcp  192.168.0.1:41384 -> 192.168.0.14:28184  SYN_SENT:CLOSED 
    tcp 192.168.0.1:41385 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41386 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41387 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41388 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41389 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41390 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41391 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41392 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41393 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41394 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41395 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41396 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41397 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41398 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41399 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41400 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41401 -> 192.168.0.14:28184 SYN_SENT:CLOSED
    tcp 192.168.0.1:41402 -> 192.168.0.14:28184 SYN_SENT:CLOSED



  • sorry but figured it out, actually the NAT reflection is still the issue, im on the 30th december snapshot where those entries related to nAT reflection stopped coming in the system log but i guess it still has some problem coz after disabling it, i ran torrent downloads for a few hours now and everything works fine as normal.


Log in to reply