Problems with FreeBSD (amd64 stable/11) router

[Ryan Stone]

What's the MTU on the bce and vlan interfaces?  Does the bce interface show
VLAN_MTU option set (in ifconfig)?

On Mon, Dec 5, 2016 at 10:00 AM, Chris Ross <cross+freebsd at distal.com>
wrote:

>
>  Hello all.  I recently replaced my router with a FreeBSD/11 box
> (stable/11 r308579).  I am running a lagg device across two bce’s, and
> 802.1q vlan interfaces atop lagg0.  I’m using pf to NAT/filter out through
> a single outside IP address.
>
>  I’m having the following problem.  Some devices appear to be having
> trouble passing traffic.  Of course, I first assumed I was doing something
> wrong with my pf filters, but I believe now that’s not the problem.  One
> client machine (a TiVo Roamio) that produces a failure reliably, so I’ve
> been using it for testing, is showing that during a TCP session, which
> starts up fine, in the middle of a POST operation to an outside server,
> there are 1500 byte packets.  These packets have the DF bit in the IP
> header, and then never show up on the external interface (vlan0).  Smaller
> packets in the same TCP stream do.  But, I’m also not seeing the ICMP from
> the router back to the client telling it that it cannot send the packet.
>
>  I have tried all sorts of changes to my pf rules, including now allowing
> all ICMP unconditionally on all interfaces (pass out log quick inet proto
> icmp all).  I have packet traces during the failed communication across
> pflog0, vlan0 (external network) and vlan7 (internal network).  I’d be
> happy to answer any questions, or provide the traces off-list.
>
>  Does anyone have any idea what I’ve missed?  Thank you very much for your
> help.
>
>                                 - Chris
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"