From: "Thor E. Lie"
To: freebsd-stable@freebsd.org
Date: Sun, 2 Nov 2014 18:36:54 +0100 (CET)
Subject: PF NAT seemingly drops TCP connections at random

Hi,

I've been configuring a new server with FreeBSD 10.0-RELEASE-p10, Jails (via ezjail) and PF with NAT translation rules.

Initially, when logging in to a jail, the connection would randomly drop, usually when there were (relatively) large data bursts (e.g. tailing a log, opening vi(m) or similar that would clear the screen). When running a tcpdump and analyzing it, it seemed to drop right around when tcpdump recorded an "IP bad-len 0", which led me to this February 2008 post[1] on the list, which at least in terms of the NIC fits the bill[2]. So I proceeded to follow 2 of the suggestions that were posted there (net.inet.tcp.rfc1323=0 and net.inet.tcp.tso=0); disabling the rfc1323 sysctl resolved the SSH sessions dropping.

However, when downloading a package, or downloading something with fetch, it drops the connection again. It seems like it sends a FIN (or FIN-ACK? I'm not terribly comfortable with tcpdump yet)[3].

[1]: https://lists.freebsd.org/pipermail/freebsd-current/2008-February/083056.html
[2]: http://pastebin.com/MQAkmW14
[3]: http://pastebin.com/wDU9xYK5

--
Thor