PF: See packet errors on external interface

Mark Pagulayan m.pagulayan at
Tue Jun 10 00:56:53 UTC 2008

Hi Guys, 


I was just wondering if you could help me with my problem. 


Before going to the details here is my setup:


OS: FreeBSD 7.0-RELEASE i386


Interface: em1(external interface) and em0(internal interface)

Setup: The 2 interfaces above are setup as a bridge so we are using PF
as a layer2 FW. 

Use altq to define queues on em1 and em0 ( default, unlimited,
sponsored, premium, standard)



Doing a netstat -d -I em1. I can see that there incoming packet errors
but no outgoing packet errors. A number of drops but no collision.


Doing a netstat -d -I em0. I can see that there are no errors on the
incoming and outgoing packets. A number of drops but no collision.


Doing a netstat -d -l bridge0. don't see any errors on the incoming and
outgoing packets. No drops and collision.


Looking at my ruleset I can see that I have 


scrub in on em1 


Does this rule cause the packet errors?  Or presumably because of the
speed of the network? We are running at around 8000 packet/s for
incoming and outgoing traffic. 

There was plan of removing this rule? If we do that? What would  the
implications be? 


Also using the tool pftop, the default queue has packet drops and

QUEUE                    BW   SCH       PRIO     PKTS           BYTES

default                     134M cbq                      1326370
775902K      138        102128        0       0                2798
8182 4340435


Do you think the scrub rule is the causing pf to suspend some packets?
I also wish to understand how pftop works to be able to debug the


The reason that I am asking this questions is that we get connectivity
issues with some external sites that we connect to. It might be the
uplink that has problems but I hope I could gather information on what
might be causing this, or things might be or not related to this issue. 


Your help would be greatly appreciated.




Mark Pagulayan

University of Auckland

More information about the freebsd-pf mailing list