Date:      Sat, 14 Dec 2019 14:15:29 -0800
From:      Chris <bsd-lists@BSDforge.com>
To:        "John W. OBrien" <john@saltant.com>
Cc:        FreeBSD Networking <freebsd-net@freebsd.org>
Subject:   Re: NAT64 return traffic vanishes after successful de-alias
Message-ID:  <2401399a05f75fa4b78f4d66c67c9e97@udns.ultimatedns.net>
In-Reply-To: <9f3ee846-1357-0b73-cc0f-e001ea74b15c@saltant.com>

On Sat, 14 Dec 2019 14:54:26 -0500 John W. OBrien john@saltant.com said

> Hello FreeBSD Networking,
> 
> As the subject summarizes, I have a mostly-working NAT64 rig, but return
> traffic is disappearing, and I haven't been able to figure out why. I
> observe the post-translation (4-to-6) packets via ipfwlog0, but a simple
> ipfw counter rule ipfw matches nothing.
> 
> My attempt to develop a minimum reproducible example failed in the sense
> that I did not reproduce the problem. Of course, this implies that one
> of the many differences between the simplified test (EC2 instance, two
> jails) and the problem rig (physical server, lagg, vlans, other things
> going on) is the cause.
> 
> What I am hoping this list can help me with is being smart about what I
> try next. Otherwise, I would probably just try to brute force a solution
> by thinking of ways to permute the config that would rule each possible
> difference in or out.
> 
> So far my main troubleshooting tools have been ipfw for its rule
> counters and nat64lsn stats output, netstat to look at fibs, and tcpdump
> pointed at real and diagnostic interfaces. What debugging tools and
> techniques should I employ to do better than brute force?
> 
> If it would help, I would gladly share the working, EC2/jail demo
> configs on the list. Sharing the non-working configs I would prefer to
> do privately or not at all.
> 
> This is on 12.1-RELEASE.
> 
> Thank you,

pf(4) is pretty close to metal, and would probably be a good candidate for
acquiring the type of statistics you're hoping to find; pfctl(8), pfctl -s,
and pfctl -T are a few examples.

HTH

--Chris
> 
> -- 
> John W. O'Brien
> OpenPGP keys:
>    0x33C4D64B895DBF3B



