PF NAT seemingly drops TCP connections at random

Thor E. Lie thor at thorerik.com
Sun Nov 2 17:36:57 UTC 2014


Hi,

I've been configuring a new server with FreeBSD 10.0-RELEASE-p10, Jails (via ezjail) and PF with NAT Translation rules.

Initially when logging in to a jail the connection would randomly drop, usually when there were (relatively) large data bursts (e.g. tailing a log, opening vi(m) or similar that would clear the screen).
When running a TCPdump and analyzing it, it seemed to drop right around when tcpdump recorded an "IP bad-len 0", which led me to this February 2008 post[1] on the list, which at least in terms of the NIC fits the bill[2], so I proceeded to follow 2 of the suggestions that were posted there (net.inet.tcp.rfc1323=0 and net.inet.tcp.tso=0); disabling the rfc1323 sysctl resolved the SSH sessions dropping.

However, when downloading a package, or downloading something with fetch, it drops the connection again; it seems like it sends a FIN (or FIN-ACK? I'm not terribly comfortable with tcpdump yet)[3].




[1]: https://lists.freebsd.org/pipermail/freebsd-current/2008-February/083056.html
[2]: http://pastebin.com/MQAkmW14
[3]: http://pastebin.com/wDU9xYK5

-- 
Thor


More information about the freebsd-stable mailing list