pf & NAT issue
Kristof Provost
kp at FreeBSD.org
Fri Jan 20 10:48:06 UTC 2017
On 20 Jan 2017, at 9:35, Bakul Shah wrote:
> pf seems to drop NAT connections quite a bit. This seems to
> happen much more frequently if there are delays involved (slow
> server or interactive use). Almost seems like pf losing
> track of NATted connections due to an uninitialized
> variable.... Often a retry or two works. Connecting from
> outside to forwarded connections to NATTED hosts works fine.
>
> This problem started after upgrading to freebsd-10. Is there a
> bug fix in the works or a known workaround (other than using ipfw
> or reverting to 9, which I don't want to do)?
>
The problem you describe doesn’t immediately ring a bell.
We’ll have to gather a bit more information:
* What FreeBSD version are you running exactly?
* What’s your pf.conf?
* Can you perform a network capture of rejected/failed connections? Ideally
  both on LAN and WAN on the gateway machine. Please capture full packets (so
  tcpdump -s0 -w lan.pcap) as pcap files.
* What networking cards are you using?
Regards,
Kristof