Res: Res: Res: Dropped Packets

Chris Marlatt cmarlatt at rxsec.com
Fri Mar 7 22:56:31 UTC 2008


Lorenz Helleis wrote:
> Indeed, do you have any min & max number for bps and pps for this 
> firewall's internal and external interfaces? On which interface are you 
> dropping the packets?
> 
> Regards,
> 
>     Chris
> 
> 
> 
> 300Mbps and 20.000 pps. But I will do a bigger firewall.
> 
> This is an internal firewall... I think the entry in the session table is disappearing, so the client needs to make another connection. I'm thinking about creating a stateless rule.
> 

Do the machines generating the traffic have multiple paths?

The only time I've really seen pf have problems with sessions is when 
the devices send and receive traffic via different paths or multiple 
paths (i.e. traffic comes in via firewall01 but goes out firewall02 and 
firewall01 and firewall02 do not implement pfsync).

Regards,

	Chris


More information about the freebsd-pf mailing list