Date: Mon, 5 Dec 2016 11:59:16 -0500 From: Ryan Stone <rysto32@gmail.com> To: Chris Ross <cross+freebsd@distal.com> Cc: freebsd-net <freebsd-net@freebsd.org>, freebsd-pf@freebsd.org Subject: Re: Problems with FreeBSD (amd64 stable/11) router Message-ID: <CAFMmRNz-p1804o5fs6g1vbATm5KSRg5fteKgAzg_va3t%2B38%2Bcg@mail.gmail.com> In-Reply-To: <619F01C2-5A20-4E25-AB0B-4064B598239D@distal.com> References: <619F01C2-5A20-4E25-AB0B-4064B598239D@distal.com>
next in thread | previous in thread | raw e-mail | index | archive | help
What's the MTU on the bce and vlan interfaces? Does the bce interface show VLAN_MTU option set (in ifconfig)? On Mon, Dec 5, 2016 at 10:00 AM, Chris Ross <cross+freebsd@distal.com> wrote: > > Hello all. I recently replaced my router with a FreeBSD/11 box > (stable/11 r308579). I am running a lagg device across two bce=E2=80=99s= , and > 802.1q vlan interfaces atop lagg0. I=E2=80=99m using pf to NAT/filter ou= t through > a single outside IP address. > > I=E2=80=99m having the following problem. Some devices appear to be hav= ing > trouble passing traffic. Of course, I first assumed I was doing somethin= g > wrong with my pf filters, but I believe now that=E2=80=99s not the proble= m. One > client machine (a TiVo Roamio) that produces a failure reliably, so I=E2= =80=99ve > been using it for testing, is showing that during a TCP session, which > starts up fine, in the middle of a POST operation to an outside server, > there are 1500 byte packets. These packets have the DF bit in the IP > header, and then never show up on the external interface (vlan0). Smalle= r > packets in the same TCP stream do. But, I=E2=80=99m also not seeing the = ICMP from > the router back to the client telling it that it cannot send the packet. > > I have tried all sorts of changes to my pf rules, including now allowing > all ICMP unconditionally on all interfaces (pass out log quick inet proto > icmp all). I have packet traces during the failed communication across > pflog0, vlan0 (external network) and vlan7 (internal network). I=E2=80= =99d be > happy to answer any questions, or provide the traces off-list. > > Does anyone have any idea what I=E2=80=99ve missed? Thank you very much= for your > help. > > - Chris > > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFMmRNz-p1804o5fs6g1vbATm5KSRg5fteKgAzg_va3t%2B38%2Bcg>