From owner-freebsd-net@freebsd.org Mon Jan 23 02:43:51 2017
Date: Sun, 22 Jan 2017 19:43:42 -0700 (MST)
From: Warren Block
To: Kristof Provost
cc: Ermal Luçi, Bakul Shah, FreeBSD Net, Alan Somers
Subject: Re: pf & NAT issue

On Fri, 20 Jan 2017, Kristof Provost wrote:

> On 20 Jan 2017, at 22:12, Ermal Luçi wrote:
>> Most probably your timeouts are aggressive on states garbage collection.
>> Give a look to those state limit teardown it might improve things.
>>
> Less than 30 seconds seems extremely quick to time out.
> I also wouldn’t expect pf to set up NAT state in the middle of a TCP
> connection.
>
> It’s certainly worth a try to play with the timeouts though.
>
> It might be interesting to see what they’re set to right now. `pfctl -s all`
> should show them.

I had the defaults as shown by others, except src.track was zero by
default. Setting this to 30 suddenly let some static content sites
work, like img.bbstatic.com for BestBuy's website.

From owner-freebsd-net@freebsd.org Mon Jan 23 15:39:06 2017
From: Abs Kaher
To: "net@freebsd.org"
Subject:
Date: Mon, 23 Jan 2017 15:39:02 +0000

Abs Kaher | Consultant
Oxford Knight
Mobile: +44 7463 949962
abs.kaher@oxfordknight.co.uk
www.oxfordknight.co.uk

NOTICE: This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it was addressed. Any
views or opinions expressed are solely the views of the author and do not
necessarily represent those of Oxford Knight Limited. If you are not the
intended recipient of this email, you must neither take any action based upon
its contents, nor copy or show it to anyone. Please notify us immediately and
delete it from your computer. Thank you. Oxford Knight Limited. Principal
place of business: Oxford Knight Limited, 4th Floor, 33 Cannon Street,
London, EC4M 5SB. Company No. 7261762