From: Ryan Stone
Date: Mon, 5 Dec 2016 11:59:16 -0500
Subject: Re: Problems with FreeBSD (amd64 stable/11) router
To: Chris Ross
Cc: freebsd-net, freebsd-pf@freebsd.org

What's the MTU on the bce and vlan interfaces? Does the bce interface show
VLAN_MTU option set (in ifconfig)?

On Mon, Dec 5, 2016 at 10:00 AM, Chris Ross wrote:

> Hello all. I recently replaced my router with a FreeBSD/11 box
> (stable/11 r308579). I am running a lagg device across two bce’s, and
> 802.1q vlan interfaces atop lagg0. I’m using pf to NAT/filter out through
> a single outside IP address.
>
> I’m having the following problem. Some devices appear to be having
> trouble passing traffic. Of course, I first assumed I was doing something
> wrong with my pf filters, but I believe now that’s not the problem. One
> client machine (a TiVo Roamio) that produces a failure reliably, so I’ve
> been using it for testing, is showing that during a TCP session, which
> starts up fine, in the middle of a POST operation to an outside server,
> there are 1500 byte packets. These packets have the DF bit in the IP
> header, and then never show up on the external interface (vlan0). Smaller
> packets in the same TCP stream do. But, I’m also not seeing the ICMP from
> the router back to the client telling it that it cannot send the packet.
>
> I have tried all sorts of changes to my pf rules, including now allowing
> all ICMP unconditionally on all interfaces (pass out log quick inet proto
> icmp all). I have packet traces during the failed communication across
> pflog0, vlan0 (external network) and vlan7 (internal network). I’d be
> happy to answer any questions, or provide the traces off-list.
>
> Does anyone have any idea what I’ve missed? Thank you very much for your
> help.
>
> - Chris
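
One way to collect the answers to both of the questions in the reply in a single pass, as an added example that is not part of the thread: the hypothetical helpers `mtu_report` and `missing_vlan_mtu` read `ifconfig` output and print each interface's MTU and whether `VLAN_MTU` is among its enabled options. The sample input is constructed (option hex values and MAC addresses are illustrative), not taken from the router in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report MTU and VLAN_MTU per
# interface from FreeBSD ifconfig-style text on stdin.
# On the router: ifconfig | mtu_report

mtu_report() {
    awk '
    # Header line, e.g. "bce0: flags=8843<UP,...> metric 0 mtu 1500"
    /^[^ \t]+: flags=/ {
        if (name != "") print name, mtu, cap
        name = $1; sub(/:$/, "", name)
        mtu = "?"; cap = "no"
        for (i = 2; i < NF; i++) if ($i == "mtu") mtu = $(i + 1)
        next
    }
    # Enabled options, e.g. "options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,...>"
    /^[ \t]+options=/ {
        list = $0
        sub(/^[^<]*</, ",", list); sub(/>.*$/, ",", list)
        # Match the whole comma-delimited token, not a substring.
        if (index(list, ",VLAN_MTU,") > 0) cap = "yes"
    }
    END { if (name != "") print name, mtu, cap }
    '
}

# Names of interfaces with the given prefix (e.g. bce) that lack VLAN_MTU.
missing_vlan_mtu() {
    mtu_report | awk -v p="$1" 'index($1, p) == 1 && $3 == "no" { print $1 }'
}

# Constructed sample (not from the thread); bce1 deliberately lacks VLAN_MTU.
SAMPLE='bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM>
	ether 00:00:5e:00:53:01
bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:00:5e:00:53:02
vlan7: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	vlan: 7 vlanpcp: 0 parent interface: lagg0'

printf '%s\n' "$SAMPLE" | mtu_report
printf '%s\n' "$SAMPLE" | missing_vlan_mtu bce
```

Each output line is `name mtu yes|no`; the second command lists only the `bce` ports whose options line does not include `VLAN_MTU`.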