Date:      Fri, 20 Jan 2017 11:48:04 +0100
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        "Bakul Shah" <bakul@bitblocks.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: pf & NAT issue
Message-ID:  <7C29D00C-94C0-4550-B1B2-CE307482B544@FreeBSD.org>
In-Reply-To: <20170120083555.ACCF9124AEA4@mail.bitblocks.com>
References:  <20170120083555.ACCF9124AEA4@mail.bitblocks.com>

On 20 Jan 2017, at 9:35, Bakul Shah wrote:
> pf seems to drop NAT connections quite a bit. This seems to
> happen much more frequently if there are delays involved (slow
> server or interactive use). Almost seems like pf losing
> track of NATted connections due to an uninitialized
> variable....  Often a retry or two works. Connecting from
> outside to forwarded connections to NATTED hosts works fine.
>
> This problem started after upgrading to freebsd-10. Is there a
> bug fix in the works or a known work around (other than using ipfw
> or reverting to 9, which I don't want to do)?
>
The problem you describe doesn’t immediately ring a bell.

We’ll have to gather a bit more information:

  * What FreeBSD version are you running exactly?
  * What’s your pf.conf?
  * Can you perform a network capture of rejected/failed connections? Ideally
    both on LAN and WAN on the gateway machine. Please capture full packets (so
    tcpdump -s0 -w lan.pcap) as pcap files.
  * What networking cards are you using?

Regards,
Kristof


