From: Bakul Shah
To: freebsd-net@freebsd.org
Subject: pf & NAT issue
Date: Fri, 20 Jan 2017 00:35:55 -0800
Message-Id: <20170120083555.ACCF9124AEA4@mail.bitblocks.com>

pf seems to drop NAT connections quite a bit. This seems to happen much more frequently if there are delays involved (slow server or interactive use). Almost seems like pf is losing track of NATted connections due to an uninitialized variable... Often a retry or two works. Connecting from outside to forwarded connections to NATted hosts works fine.

This problem started after upgrading to freebsd-10. Is there a bug fix in the works or a known workaround (other than using ipfw or reverting to 9, which I don't want to do)?

Thanks!

Bakul