Date: Fri, 29 Aug 2008 06:54:23 -0400 From: ben wilber <ben@desync.com> To: freebsd-pf@freebsd.org Subject: pf and mxge Message-ID: <20080829105422.GI1644@exodus.desync.com>
next in thread | raw e-mail | index | archive | help
Hello, I'm trying to use PF on a machine with an mxge(4) interface and am having some difficulty. With my ruleset loaded, any TCP session that gets a state grinds to a halt. For example, I can log in via SSH and issue commands that return a couple lines, but the output from a command like dmesg(8) comes very slowly and sometimes won't finish before SSH times out. MTU on the interface is 1500 bytes. This doesn't happen unless states are created (e.g., not with "pass no state"). The machine is running -CURRENT for amd64 as of Jul 18th compiled with ALTQ, crypto and IPSEC, HZ=1000 and DEVICE_POLLING (though not enabled). IP and IPv6 forwarding are enabled, as well as fastforwarding. Only filtering; no bridges, ALTQ, NAT or scrubbing. Any insight? Thanks, bw.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080829105422.GI1644>