pf & NAT issue
Kristof Provost
kp at FreeBSD.org
Fri Jan 20 20:48:54 UTC 2017
On 20 Jan 2017, at 21:31, Bakul Shah wrote:
> $ pfctl -s info
> Status: Enabled for 167 days 13:40:11 Debug: Urgent
>
> State Table Total Rate
> current entries 0
> searches 2870986757 198.3/s # this seems high...
> inserts 3428240 0.2/s
> removals 3428240 0.2/s
> Counters
> match 1482741914 102.4/s
> bad-offset 0 0.0/s
> fragment 1 0.0/s
> short 0 0.0/s
> normalize 0 0.0/s
> memory 0 0.0/s
> bad-timestamp 0 0.0/s
> congestion 0 0.0/s
> ip-option 31 0.0/s
> proto-cksum 0 0.0/s
> state-mismatch 28931 0.0/s
You gave a decent number of state-mismatch errors here.
It’s worth checking if that number increments whenever you see a
dropped NAT connection.
Regards,
Kristof
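
The check suggested in the reply above, as an added example that is not part of the original message: it reads the state-mismatch total out of `pfctl -s info` output and logs a timestamped line whenever the total grows, so increments can be lined up against the time of a dropped NAT connection. The function names and the second snapshot are constructed for illustration; `watch_mismatch` assumes root on a host running pf.

```shell
#!/bin/sh
# Added example: follow pf's state-mismatch counter across `pfctl -s info` runs.

# pf_counter NAME: read `pfctl -s info` text on stdin and print the running
# total for a single-word counter NAME; exit status 1 if the counter is absent.
pf_counter() {
    awk -v name="$1" '
        $1 == name { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# mismatch_delta BEFORE AFTER: growth of state-mismatch between two snapshots.
mismatch_delta() {
    before=$(printf '%s\n' "$1" | pf_counter state-mismatch) || return 1
    after=$(printf '%s\n' "$2" | pf_counter state-mismatch) || return 1
    echo $((after - before))
}

# watch_mismatch [SECONDS]: poll the live firewall and print a timestamped
# line each time the counter increases. Needs root; stop with Ctrl-C.
watch_mismatch() {
    interval=${1:-5}
    prev=$(pfctl -s info | pf_counter state-mismatch) || return 1
    while sleep "$interval"; do
        cur=$(pfctl -s info | pf_counter state-mismatch) || return 1
        if [ "$cur" -gt "$prev" ]; then
            echo "$(date '+%Y-%m-%d %H:%M:%S') state-mismatch +$((cur - prev)) (total $cur)"
        fi
        prev=$cur
    done
}

# Constructed snapshots: the first uses counter values quoted in the thread,
# the second is invented to show an increment.
SNAP_BEFORE='Counters
  match                       1482741914          102.4/s
  ip-option                           31            0.0/s
  state-mismatch                   28931            0.0/s'
SNAP_AFTER='Counters
  match                       1482742500          102.4/s
  ip-option                           31            0.0/s
  state-mismatch                   28934            0.0/s'

echo "state-mismatch grew by $(mismatch_delta "$SNAP_BEFORE" "$SNAP_AFTER")"
```

Run `watch_mismatch 2` in one terminal while reproducing the dropped connection in another; a logged increment at the moment of the drop points at state tracking rather than the NAT rule itself.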