kern/47529: natd/ipfw lose TCP packets for firewalled machines
Ruslan Ermilov
ru at FreeBSD.org
Fri Aug 15 00:50:15 PDT 2003
The following reply was made to PR kern/47529; it has been noted by GNATS.
From: Ruslan Ermilov <ru at FreeBSD.org>
To: Martin Bartelds <bts at iaehv.nl>
Cc: bug-followup at FreeBSD.org
Subject: Re: kern/47529: natd/ipfw lose TCP packets for firewalled machines
Date: Fri, 15 Aug 2003 10:42:51 +0300
On Thu, Aug 14, 2003 at 08:58:09PM +0200, Martin Bartelds wrote:
> I'm not sure about the legitimacy of the "closed" action.
>
> I do have at least one FW/FTP system with NAT which experiences
> significant packet losses since I moved to IPFW2. Even pings get lost
> every now and then, whereas previously with IPFW this didn't happen.
> Apart from the lost pings, I also see a lot of hiccups when collecting email
> and doing FTP through the FW/NAT. Locally and to/from the backbone
> everything seems to be perfect, only once NAT is involved I do have
> packet losses. I do use IPFW2's features IPLen, queue, pipe, recv and xmit.
> Between the FW/FTP server and the backbone, I do have transfer rates
> of up to 600 Kbyte/s on a 7.6 Mbit pipe. These transfers don't seem to
> suffer from the hiccups.
>
> If you do have suggestions how to pinpoint this to a more defined
> point of failure, I'm open for testing.
>
I wish you would mention that your problem is bound to IPFW2 in the PR.
Whatever, does the problem still exist in recent versions of 5.1-CURRENT?
If not, please try it. If so, please give us simple steps to reproduce
the problem. It should be possible for you, since you tell me that you
believe the problem is with FW/NAT, so please start from a simple config,
and see if the problem exists. If not, add features that you need, and
see again.
Cheers,
--
Ruslan Ermilov Sysadmin and DBA,
ru at sunbay.com Sunbay Software Ltd,
ru at FreeBSD.org FreeBSD committer