From: Chris Ross
Date: Mon, 5 Dec 2016 14:10:17 -0500
Subject: Re: Problems with FreeBSD (amd64 stable/11) router
To: Ryan Stone
Cc: freebsd-net, freebsd-pf@freebsd.org
Message-Id: <8C636365-DD9D-4375-9418-D540D8D13C56@distal.com>
References: <619F01C2-5A20-4E25-AB0B-4064B598239D@distal.com>

> On Dec 5, 2016, at 11:59, Ryan Stone wrote:
>
> What's the MTU on the bce and vlan interfaces? Does the bce interface show VLAN_MTU option set (in ifconfig)?

  I had manually set these to try to work out the problem earlier in my experimentation, but am now back (unless I missed something) to the natural MTUs on all interfaces. The vlan’s all show 1496, and the bce’s (and lagg0) show 1500. The options on each of the bce’s show VLAN_MTU, and a few other VLAN_ options.

             - Chris

> On Mon, Dec 5, 2016 at 10:00 AM, Chris Ross wrote:
>
> Hello all. I recently replaced my router with a FreeBSD/11 box (stable/11 r308579). I am running a lagg device across two bce’s, and 802.1q vlan interfaces atop lagg0. I’m using pf to NAT/filter out through a single outside IP address.
>
> I’m having the following problem. Some devices appear to be having trouble passing traffic. Of course, I first assumed I was doing something wrong with my pf filters, but I believe now that’s not the problem. One client machine (a TiVo Roamio) that produces a failure reliably, so I’ve been using it for testing, is showing that during a TCP session, which starts up fine, in the middle of a POST operation to an outside server, there are 1500 byte packets. These packets have the DF bit in the IP header, and then never show up on the external interface (vlan0). Smaller packets in the same TCP stream do. But, I’m also not seeing the ICMP from the router back to the client telling it that it cannot send the packet.
>
> I have tried all sorts of changes to my pf rules, including now allowing all ICMP unconditionally on all interfaces (pass out log quick inet proto icmp all).
> I have packet traces during the failed communication across pflog0, vlan0 (external network) and vlan7 (internal network). I’d be happy to answer any questions, or provide the traces off-list.
>
> Does anyone have any idea what I’ve missed? Thank you very much for your help.
>
> - Chris