pf & NAT issue
Kristof Provost
kp at FreeBSD.org
Fri Jan 20 21:17:22 UTC 2017
On 20 Jan 2017, at 22:12, Ermal Luçi wrote:
> Most probably your timeouts are aggressive on states garbage
> collection.
> Give a look to those state limit teardown it might improve things.
>
Less than 30 seconds seems extremely quick to time out.
I also wouldn’t expect pf to set up NAT state in the middle of a TCP
connection.
It’s certainly worth a try to play with the timeouts though.
It might be interesting to see what they’re set to right now. `pfctl
-s all` should show them.
Regards,
Kristof
More information about the freebsd-net
mailing list