To: freebsd-questions@freebsd.org
From: Nagy László Zsolt
Subject: TCP connection stalled
Message-ID: <485311bf-1e19-b439-c569-b6230d264e16@shopzeus.com>
Date: Fri, 3 Mar 2017 17:05:09 +0100

Hello,

I have this setup:

Remote computer <---> Internet <-----> Gateway <----> NAT-ed local network <---> Internal computer

The gateway is a 11.0-RELEASE-p8 running
natd + ipfw. The internet connection has download speed 500Mbps and upload speed 30Mbps. Internet is connected via a public IPv4 address as shown below (real ip hidden with 'x' chars)

nfe0: flags=8843 metric 0 mtu 1500
        options=c219b
        ether 40:61:86:ed:e6:41
        inet 37.xxx.xxx.xxx netmask 0xfffffe00 broadcast 255.255.255.255
        nd6 options=29
        media: Ethernet autoselect (1000baseT )
        status: active

The first 4 ipfw rules are the following:

add 00005 divert natd all from any to any via nfe0
add 00102 allow all from any to any out
add 00104 allow tcp from any to any established
add 00201 allow icmp from any to any icmptypes 0,3,8,11,12,13,14

As you can see the MTU for nfe0 was set up to 1500, and ICMP type 3 is allowed from anybody.

If I try to copy something to a remote server with this command:

scp local_file user@remote_computer:~

Then the following happens: the first few 100K data goes through quickly, then the connection becomes stalled. I have tried different remote computers on different ports, but the result is always the same. I have also tried passive mode FTP instead of SCP with the same result: stalled.

If I do the same from the internal computer behind NAT, then all uploads and downloads are fast and responsive. The connection is stalled only when I connect from the gateway (or to the gateway). (E.g. copy from internal computer -> remote computer is fast and reliable.)

I was told that this might be an MTU problem.
MTU discovery is turned on:

net.inet.tcp.path_mtu_discovery: 1
net.inet.sctp.pmtu_raise_time: 600

I have also tested the MTU with ping -D, the following way:

root@gw:~ # ping -D -s 1500 my_remote_host.com
PING my_remote_host.com (185.27.xxx.xxx): 1500 data bytes
^C
--- my_remote_host.com ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
root@gw:~ # ping -D -s 1400 my_remote_host.com
PING my_remote_host.com (185.27.60.106): 1400 data bytes
1408 bytes from 185.27.xxx.xxx: icmp_seq=0 ttl=58 time=18.752 ms
1408 bytes from 185.27.xxx.xxx: icmp_seq=1 ttl=58 time=19.502 ms
1408 bytes from 185.27.xxx.xxx: icmp_seq=2 ttl=58 time=17.846 ms
1408 bytes from 185.27.xxx.xxx: icmp_seq=3 ttl=58 time=16.891 ms
^C
--- my_remote_host.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 16.891/18.248/19.502/0.978 ms
root@gw:~ #

So it seems that for this particular host, MTU=1400 should work. So I have changed the default MTU for this interface:

ifconfig nfe0 mtu 1400

But there was no effect at all. SCP and FTP connections are both stalled. (I can send an example tcpdump if required, but I could find nothing special in that.)

What else can cause this? What should I look for?

Thanks,

Laszlo
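
An added example, not part of the original message: a script that binary-searches the largest `ping -D -s` payload a host answers and converts it to a path MTU. `ping -s` sets the ICMP data size, so the IPv4 packet on the wire is 28 bytes larger (20-byte IP header plus 8-byte ICMP header), which is why the 1400-byte probe above is reported as 1408 bytes. The function names and the `PROBE` variable are hypothetical, and the default upper bound of 1472 assumes the 1500-byte interface MTU shown in the message.

```shell
#!/bin/sh
# Added example: derive the IPv4 path MTU from DF-flagged pings.
# Usage: sh this_script HOST   (all names below are hypothetical)

# probe_ping SIZE HOST: true if one echo request carrying SIZE data bytes
# with Don't Fragment set (FreeBSD "ping -D", as used in the message) is
# answered. -c 1 sends one packet, -t 2 gives up after two seconds.
probe_ping() {
    ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1
}

# PROBE names the probe command so it can be replaced by a stub for testing
# or by a wrapper that uses another OS's ping flags.
PROBE=${PROBE:-probe_ping}

# largest_payload HOST [LO] [HI]: print the largest payload in LO..HI that
# gets a reply. Assumes every size at or below the limit is answered and
# every size above it is dropped; returns 1 if even LO gets no reply
# (host down or echo filtered, in which case this method cannot be used).
largest_payload() {
    host=$1; lo=${2:-0}; hi=${3:-1472}
    "$PROBE" "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$PROBE" "$mid" "$host"; then
            lo=$mid              # mid fits: the limit is mid or higher
        else
            hi=$(( mid - 1 ))    # mid is too big: the limit is below mid
        fi
    done
    echo "$lo"
}

# path_mtu PAYLOAD: payload + 8 (ICMP header) + 20 (IPv4 header, no options).
path_mtu() { echo $(( $1 + 28 )); }

# tcp_mss MTU: MTU - 20 (IPv4 header) - 20 (TCP header, no options).
tcp_mss() { echo $(( $1 - 40 )); }

if [ $# -ge 1 ]; then
    payload=$(largest_payload "$1") || { echo "no reply from $1" >&2; exit 1; }
    mtu=$(path_mtu "$payload")
    echo "largest DF payload: $payload bytes"
    echo "path MTU:           $mtu bytes"
    echo "TCP MSS (no opts):  $(tcp_mss "$mtu") bytes"
fi
```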