From: Florian Smeets
Date: Tue, 18 Oct 2011 20:25:49 +0200
To: Florian Wilkemeyer
Cc: freebsd-pf@FreeBSD.org
Subject: Re: PF NAT issue with 9.0-BETA3 and RELENG_9 'head'
Message-ID: <4E9DC4AD.2040103@FreeBSD.org>

On 18.10.11 18:44, Florian Wilkemeyer wrote:
> Hello,
>
> I recently switched a router in our test-environment to FreeBSD 9.0-Beta3
> (and after things didn't work ... checked out the current RELENG_9
> and recompiled kernel & world .. )
>
> Problem:
> After 5 - 15 minutes NAT stops working (normal routing still works.)
>
> Network Utilization: about 40 MByte/second, which gets routed
> only a few kbit/s are getting natted (NTP Syncs and such ... )
>
> When I took a look at the nat rules (via pfctl -vv -s nat)
> the rules get evaluated; but nothing matches anymore...
>
> State Table holds about 9500 entries,
> Source Tracking Table about 300
>

Hi,

I guess you have pf compiled into your kernel? Try to use the module, that should be a workaround. This is a known problem and people are working on it.

HTH,
Florian