Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 22 Jan 2017 19:43:42 -0700 (MST)
From:      Warren Block <wblock@wonkity.com>
To:        Kristof Provost <kp@FreeBSD.org>
Cc:        =?ISO-8859-15?Q?Ermal_Lu=E7i?= <eri@freebsd.org>, Bakul Shah <bakul@bitblocks.com>, FreeBSD Net <freebsd-net@freebsd.org>, Alan Somers <asomers@freebsd.org>
Subject:   Re: pf & NAT issue
Message-ID:  <alpine.BSF.2.20.1701221941550.68525@wonkity.com>
In-Reply-To: <C40A590C-610E-4283-83AB-6CDF65EEDE86@FreeBSD.org>
References:  <20170120083555.ACCF9124AEA4@mail.bitblocks.com> <7C29D00C-94C0-4550-B1B2-CE307482B544@FreeBSD.org> <CAOtMX2hTcEkw_WzgtcEEipGY391zB=skrk7O=dknRMMG%2BDa%2BBA@mail.gmail.com> <20170120203106.CD2C8124AEA4@mail.bitblocks.com> <FB01B6F5-5269-4FE4-9B22-51A6AA60705E@FreeBSD.org> <20170120205933.8948A124AEA3@mail.bitblocks.com> <CAPBZQG3sFKRTPbRGh7KSh1bsp2FHNX84Baw0dV3-QXKBhZQVvw@mail.gmail.com> <C40A590C-610E-4283-83AB-6CDF65EEDE86@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 20 Jan 2017, Kristof Provost wrote:

> On 20 Jan 2017, at 22:12, Ermal Luçi wrote:
>> Most probably your timeouts are aggressive on states garbage collection.
>> Give a look to those state limit teardown it might improve things.
>> 
> Less than 30 seconds seems extremely quick to time out.
> I also wouldn’t expect pf to set up NAT state in the middle of a TCP 
> connection.
>
> It’s certainly worth a try to play with the timeouts though.
>
> It might be interesting to see what they’re set to right now. `pfctl -s all` 
> should show them.

I had the defaults as shown by others, except src.track was zero by 
default.  Setting this to 30 suddenly let some static content sites 
work, like img.bbstatic.com for BestBuy's website.
From owner-freebsd-net@freebsd.org  Mon Jan 23 15:39:06 2017
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9E8ADCBEB69
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon, 23 Jan 2017 15:39:06 +0000 (UTC)
 (envelope-from abs.kaher@oxfordknight.co.uk)
Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 65AB59A3
 for <freebsd-net@freebsd.org>; Mon, 23 Jan 2017 15:39:06 +0000 (UTC)
 (envelope-from abs.kaher@oxfordknight.co.uk)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 64EB6CBEB68; Mon, 23 Jan 2017 15:39:06 +0000 (UTC)
Delivered-To: net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 647C7CBEB67
 for <net@mailman.ysv.freebsd.org>; Mon, 23 Jan 2017 15:39:06 +0000 (UTC)
 (envelope-from abs.kaher@oxfordknight.co.uk)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com
 (mail-he1eur01on0058.outbound.protection.outlook.com [104.47.0.58])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client CN "mail.protection.outlook.com",
 Issuer "Microsoft IT SSL SHA2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9A47A9A2
 for <net@freebsd.org>; Mon, 23 Jan 2017 15:39:04 +0000 (UTC)
 (envelope-from abs.kaher@oxfordknight.co.uk)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=oxfordknightlimited.onmicrosoft.com; s=selector1-oxfordknight-co-uk;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=pCFAW+opyvvKSOR6i7UTG88iwXRWLnZIQ5oPvX8cGo0=;
 b=zfUT7vCx8mARYK05tikGZEfc6g3h705JTJy2P5WUwpXY+53m0HG1zxz3BeNwMofoOfSerREIrG7/77jmXzhbkwu8pLUZsN7JADB0++rXDHNgV2QCjlUb2TJzYkG3IPW7NSuJQNj8Ozt6wxfigqxpQfm4DuofP1nwkvrvmkcDQYs=
Received: from AM4PR0202MB2929.eurprd02.prod.outlook.com (10.171.83.8) by
 AM4PR0202MB2929.eurprd02.prod.outlook.com (10.171.83.8) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.860.13; Mon, 23 Jan 2017 15:39:02 +0000
Received: from AM4PR0202MB2929.eurprd02.prod.outlook.com ([10.171.83.8]) by
 AM4PR0202MB2929.eurprd02.prod.outlook.com ([10.171.83.8]) with mapi id
 15.01.0860.021; Mon, 23 Jan 2017 15:39:02 +0000
From: Abs Kaher <abs.kaher@oxfordknight.co.uk>
To: "net@freebsd.org" <net@freebsd.org>
Subject: 
Thread-Index: AdJ1jtGGqxNycwejRiC4fZQ4UN2FRw==
Date: Mon, 23 Jan 2017 15:39:02 +0000
Message-ID: <AM4PR0202MB292979D540C54E27384EDCEADC720@AM4PR0202MB2929.eurprd02.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=abs.kaher@oxfordknight.co.uk; 
x-originating-ip: [5.148.90.180]
x-ms-office365-filtering-correlation-id: 1dc232fa-024c-4ef2-4a2c-08d443a5f4e6
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001);
 SRVR:AM4PR0202MB2929; 
x-microsoft-exchange-diagnostics: 1; AM4PR0202MB2929;
 7:mthgTuHjrPD28QhtLSSIqeuU4E3W9NlpvGQm2e29mMqBO9CN5w8AIVXU7Q830yj395CABOMw+OUHeiufYc130P/HW+gyqKJWTqJiMxMYSx62Yei/pgFO1M054DTYYbbkKI/mYtccNuyxz5pRVJwhaitOjTHhksyXoE8YexipGL7aX54vbdDMJFoiSIJS9w/D5fZuj/IvmX2x0N1YWgc52Nj29x6y/mbhuIuc7fN05AHgdl/T9grWiZib3Yu7CSJf1oR/nz6fnvyvjV5A9/5e/zi+T4/n0KvSuE0H+tNZHpVEjxnI4K7LnW/Hz87OrV5lfSPsTlg26tObr6MyNawP3VSsxq7a1GvQ1Y2ulZuzUG+uM6YVXPOQDOGb80EHNEQV9j5BVXdVg5JCJyG/VSFOwt2iuGHhJhLmI1OwKrGybZ7t7HrTgnsIBJ/6xRdEfROm6dcAiMFuLrfZvM8Vc3S4Ig==
x-microsoft-antispam-prvs: <AM4PR0202MB2929D61EF3B239AD2516B8CBDC720@AM4PR0202MB2929.eurprd02.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(31418570063057)(268783453032223)(22689398316574)(81160342030619)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
 RULEID:(102415395)(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6041248)(20161123562025)(20161123555025)(20161123564025)(20161123560025)(2016111802025)(6072148)(6043046);
 SRVR:AM4PR0202MB2929; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0202MB2929; 
x-forefront-prvs: 0196A226D1
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(7916002)(39410400002)(39450400003)(39840400002)(189002)(199003)(99936001)(861006)(33656002)(790700001)(3280700002)(102836003)(5416004)(6116002)(3846002)(38730400001)(189998001)(54356999)(106356001)(50986999)(2351001)(236005)(105586002)(8936002)(101416001)(81156014)(25636003)(1730700003)(81166006)(2906002)(74482002)(53936002)(66066001)(77096006)(92566002)(122556002)(450100001)(6436002)(110136003)(7696004)(2900100001)(7906003)(107886002)(97736004)(2501003)(5890100001)(6916009)(71446004)(5640700003)(25786008)(9686003)(5406001)(606005)(42882006)(5630700001)(6306002)(55016002)(54556002)(99286003)(54896002)(86362001)(7736002)(74316002)(3660700001)(6506006)(733005)(68736007)(5660300001)(7099028)(15669805003);
 DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0202MB2929;
 H:AM4PR0202MB2929.eurprd02.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;
 MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: oxfordknight.co.uk does not
 designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: oxfordknight.co.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2017 15:39:02.2459 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8b7ae72d-47e9-45d3-bacf-abc2032d6352
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0202MB2929
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>;
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jan 2017 15:39:06 -0000



Abs Kaher | Consultant
Oxford Knight

Mobile:    +44 7463 949962
abs.kaher@oxfordknight.co.uk<mailto:abs.kaher@oxfordknight.co.uk>
www.oxfordknight.co.uk<http://www.oxfordknight.co.uk/>;

Follow us for roles, news and market updates:
[cid:image001.png@01CED3C6.E78D1010]<https://twitter.com/Oxford_Knight>[cid=
:image002.png@01CED3C6.E78D1010]<uk.linkedin.com/in/abskaher/>
NOTICE: This email and any attachments to it may be confidential and are in=
tended solely for the use of the individual to whom it was addressed. Any v=
iews or opinions expressed are solely the views of the author and do not ne=
cessarily represent those of Oxford Knight Limited. If you are not the inte=
nded recipient of this email, you must neither take any action based upon i=
ts contents, nor copy or show it to anyone. Please notify us immediately an=
d delete it from your computer. Thank you. Oxford Knight Limited. Principal=
 place of business: Oxford Knight Limited, 4th Floor, 33 Cannon Street, Lon=
don, EC4M 5SB. Company No. 7261762

NOTICE: This email and any attachments to it may be confidential and are in=
tended solely for the use of the individual to whom it was addressed. Any v=
iews or opinions expressed are solely the views of the author and do not ne=
cessarily represent those of Oxford Knight Limited. If you are not the inte=
nded recipient of this email, you must neither take any action based upon i=
ts contents, nor copy or show it to anyone. Please notify us immediately an=
d delete it from your computer. Thank you. Oxford Knight Limited. Principal=
 place of business: Oxford Knight Limited, 4th Floor, 33 Cannon Street, Lon=
don, EC4M 5SB. Company No. 7261762



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1701221941550.68525>