kern/47529: natd/ipfw lose TCP packets for firewalled machines

Ruslan Ermilov ru at FreeBSD.org
Fri Aug 15 00:50:15 PDT 2003


The following reply was made to PR kern/47529; it has been noted by GNATS.

From: Ruslan Ermilov <ru at FreeBSD.org>
To: Martin Bartelds <bts at iaehv.nl>
Cc: bug-followup at FreeBSD.org
Subject: Re: kern/47529: natd/ipfw lose TCP packets for firewalled machines
Date: Fri, 15 Aug 2003 10:42:51 +0300

 On Thu, Aug 14, 2003 at 08:58:09PM +0200, Martin Bartelds wrote:
 > I'm not sure about the legitimacy of the "closed" action.
 > 
 > I do have at least one FW/FTP system with NAT which experiences
 > significant packet losses since I moved to IPFW2. Even pings get lost
 > every now and then, whereas previously with IPFW this didn't happen.
 > Apart from the lost pings, I also see a lot of hiccups when collecting email
 > and doing FTP through the FW/NAT. Locally and to/from the backbone
 > everything seems to be perfect, only once NAT is involved I do have
 > packet losses. I do use IPFW2's features IPLen, queue, pipe, recv and xmit.
 > Between the FW/FTP server and the backbone, I do have transfer rates
 > of up to 600 Kbyte/s on a 7.6 Mbit pipe. These transfers don't seem to
 > suffer from the hiccups.
 > 
 > If you do have suggestions how to pinpoint this to a more defined
 > point of failure, I'm open for testing.
 > 
 I wish you would mention that your problem is bound to IPFW2 in the PR.
 Whatever, does the problem still exist in recent versions of 5.1-CURRENT?
 If not, please try it.  If so, please give us simple steps to reproduce
 the problem.  It should be possible for you, since you tell me that you
 believe the problem is with FW/NAT, so please start from a simple config,
 and see if the problem exists.  If not, add features that you need, and
 see again.
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Sysadmin and DBA,
 ru at sunbay.com		Sunbay Software Ltd,
 ru at FreeBSD.org		FreeBSD committer

