L7 floating rule stops traffic flow after a few hours



  • Moderators, please change the section if this post doesn't belong here.

    I have a dual WAN (PPPoE) setup, say WAN1 and WAN2 with squid+HAVP.

    Rules on LAN interface tab are to send:

    • All HTTP and non-load-balanceable TCP traffic through WAN1 (failover to WAN2)
    • The rest of the destination ports to WAN2 (failover to WAN1)
    • A catch-all rule load-balances between WAN1 and WAN2

    In order to LB/Failover Squid+HAVP traffic, "Floating" tab has rule:

    • Pass - Quick - WAN1 & WAN2 - Direction Out - TCP - SRC ANY - DST ANY - DSTPORT 80 - G/W WAN1 failover to WAN2 - L7 container to block mp3 and torrents

    Next, I also had added a rule on "Floating":

    • Pass - WAN1 & WAN2 - Direction any - TCP/UDP - SRC ANY - DST ANY - DSTPORT ANY - L7 container to block mp3 and torrents

    This was working fine for, say, 5 hours when suddenly traffic to POP3 port 110 stopped passing through. tcpdump showed that requests were going out to the server on the Internet, while no reply was being received. As soon as I disabled this rule, POP3 started working. There was nothing in the system logs.

    Now, the questions are:

    • Is this the correct way to implement L7 filtering to block mp3 and torrents?
    • After disabling this, I enabled the L7 container on the individual "LAN" rules, which in my opinion will require more system resources, as not all the traffic might be destined for the Internet. This is working as of now, but ipfw-classifyd is consuming 15-50% of CPU. It is an Atom single-core 1.8 GHz with hyper-threading.
    • Where can I find debug logs for ipfw-classifyd? The system logs don't have anything for ipfw-classifyd other than:

    Sep 30 13:32:56 thehop ipfw-classifyd: Reloading config...
    Sep 30 13:32:56 thehop ipfw-classifyd: Loaded Protocol: bittorrent (rule action block)
    Sep 30 13:32:56 thehop ipfw-classifyd: Loaded Protocol: chikka (rule action block)
    Sep 30 13:32:56 thehop ipfw-classifyd: Loaded Protocol: edonkey (rule action block)
    Sep 30 13:32:56 thehop ipfw-classifyd: Loaded Protocol: fasttrack (rule action block)
    Sep 30 13:32:56 thehop ipfw-classifyd: Loaded Protocol: imesh (rule action block)
    Sep 30 13:32:56 thehop ipfw-classifyd: Loaded Protocol: mp3 (rule action block)


    Thanks in advance for your guidance.
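The symptom in the post (tcpdump shows POP3 requests leaving, nothing comes back) is visible in pf's state table as well: `pfctl -vss` prints, for every state, packet and byte counters for the state's own direction and for the reply direction, plus the number of the rule that created the state (the `@N` prefixes in `pfctl -vvsr`). The script below is an added example, not part of the original post and not pfSense code. It parses that output and lists states towards a given destination port that have sent packets but never received a reply, so the stuck POP3 sessions can be tied to the rule number they matched. The excerpt it ships with is constructed to resemble `pfctl -vss` output (pppoe0/pppoe1 as the two PPPoE WANs, 192.168.1.0/24 as the LAN); the interface names, addresses and rule numbers are assumptions, not values from the poster's system.

```python
import re
import sys

# Constructed excerpt in the shape of `pfctl -vss` output on pfSense/FreeBSD.
# Not captured from the poster's box: addresses, interfaces and rule numbers
# are made up.  Each state is one header line followed by indented detail
# lines; the "age ..." line carries the counters as <own direction>:<reply>.
SAMPLE_PFCTL_VSS = """\
pppoe0 tcp 203.0.113.9:50234 (192.168.1.20:50234) -> 198.51.100.7:110       ESTABLISHED:ESTABLISHED
   [1234567 + 65535] wscale 7  [7654321 + 65535] wscale 7
   age 00:01:12, expires in 23:58:48, 14:12 pkts, 1120:2304 bytes, rule 41
pppoe1 tcp 203.0.113.10:50235 (192.168.1.21:50235) -> 198.51.100.7:110       SYN_SENT:CLOSED
   [5551212 + 65535] wscale 7  [0 + 65535]
   age 00:00:40, expires in 00:00:20, 3:0 pkts, 180:0 bytes, rule 41
pppoe1 udp 203.0.113.10:53001 (192.168.1.21:53001) -> 198.51.100.53:53       MULTIPLE:MULTIPLE
   age 00:00:05, expires in 00:00:55, 2:2 pkts, 140:300 bytes, rule 7
"""

# Header: "<iface> <proto> <src> [(pre-NAT src)] -> <dst> [(pre-NAT dst)] <state>"
HEADER = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)(?:\s+\((?P<src_orig>\S+)\))?"
    r"\s+->\s+(?P<dst>\S+)(?:\s+\((?P<dst_orig>\S+)\))?\s+(?P<state>\S+)\s*$"
)
# Counter line: "age A, expires in E, F:R pkts, F:R bytes, rule N"
COUNTERS = re.compile(
    r"age\s+(?P<age>\S+),\s+expires in\s+(?P<expires>\S+),\s+"
    r"(?P<pkts_fwd>\d+):(?P<pkts_rev>\d+)\s+pkts,\s+"
    r"(?P<bytes_fwd>\d+):(?P<bytes_rev>\d+)\s+bytes(?:,\s+rule\s+(?P<rule>\S+))?"
)


def port_of(endpoint):
    """Port number of 'addr:port'; rsplit also handles '[v6addr]:port'."""
    return int(endpoint.rsplit(":", 1)[1])


def parse_pfctl_vss(text):
    """Turn `pfctl -vss` text into a list of dicts, one per state."""
    states = []
    for line in text.splitlines():
        if not line.startswith((" ", "\t")):        # unindented: new state header
            m = HEADER.match(line.strip())
            if m:
                states.append(m.groupdict())
            continue
        m = COUNTERS.search(line.strip())           # indented: detail lines
        if m and states:
            d = m.groupdict()
            for key in ("pkts_fwd", "pkts_rev", "bytes_fwd", "bytes_rev"):
                d[key] = int(d[key])
            states[-1].update(d)
    return states


def one_way_states(states, dport=None):
    """States that have sent packets but seen no reply, optionally by dst port."""
    return [
        s for s in states
        if s.get("pkts_fwd", 0) > 0 and s.get("pkts_rev", 0) == 0
        and (dport is None or port_of(s["dst"]) == dport)
    ]


def main():
    # Pipe real output in: `pfctl -vss | python3 oneway.py`; otherwise use the sample.
    text = SAMPLE_PFCTL_VSS if sys.stdin.isatty() else sys.stdin.read()
    states = parse_pfctl_vss(text)
    stuck = one_way_states(states, dport=110)
    print(f"{len(states)} states parsed, {len(stuck)} one-way towards port 110")
    for s in stuck:
        print(f"  {s['iface']} {s['proto']} {s['src']} -> {s['dst']} {s['state']} "
              f"{s['pkts_fwd']}:{s['pkts_rev']} pkts, rule {s.get('rule')}")


if __name__ == "__main__":
    main()
```

Run it as `pfctl -vss | python3 oneway.py` on the firewall while the problem is happening; a state whose reply counter stays at zero while its forward counter grows is the one to compare, via its rule number, against the floating rule that was disabled.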
