PF NAT seemingly drops TCP connections at random

Thor E. Lie thor at
Sun Nov 2 17:36:57 UTC 2014


I've been configuring a new server with FreeBSD 10.0-RELEASE-p10, jails (via ezjail) and PF with NAT translation rules.

Initially, when logging in to a jail, the connection would randomly drop, usually when there were (relatively) large data bursts (e.g. tailing a log, opening vi(m) or similar that would clear the screen).
When running tcpdump and analyzing the capture, it seemed to drop right around when tcpdump recorded an "IP bad-len 0", which led me to this February 2008 post[1] on the list, which at least in terms of the NIC fits the bill[2]. So I proceeded to follow 2 of the suggestions that were posted there (net.inet.tcp.rfc1323=0 and net.inet.tcp.tso=0); disabling the rfc1323 sysctl resolved the SSH sessions dropping.

However, when downloading a package, or downloading something with fetch, it drops the connection again; it seems like it sends a FIN (or FIN-ACK? I'm not terribly comfortable with tcpdump yet)[3].
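As an added example (not part of the post above), one way to narrow down whether the teardowns coincide with the "IP bad-len 0" packets is to run the text output of `tcpdump -n` through a small triage script that records each bad-len event and reports every flow whose FIN or RST arrived within a short window after one. The sample lines below are constructed to mimic that output format, not taken from the poster's capture.

```python
import re

# Constructed sample of `tcpdump -n` text output (not the poster's capture).
# Flow 1 (ssh) is torn down 0.249 s after a bad-len packet; flow 2 (http) is not.
SAMPLE = """\
17:36:57.100000 IP 192.168.1.10.51234 > 10.0.1.5.22: Flags [P.], seq 1:53, ack 1, win 1040, length 52
17:36:57.100500 IP 10.0.1.5.22 > 192.168.1.10.51234: Flags [P.], seq 1:1449, ack 53, win 1040, length 1448
17:36:57.101000 IP bad-len 0
17:36:57.350000 IP 10.0.1.5.22 > 192.168.1.10.51234: Flags [F.], seq 1449, ack 53, win 1040, length 0
17:37:10.000000 IP 192.168.1.10.40000 > 10.0.1.5.80: Flags [S], seq 0, win 65535, length 0
17:37:10.000400 IP 10.0.1.5.80 > 192.168.1.10.40000: Flags [S.], seq 0, ack 1, win 65535, length 0
17:37:12.500000 IP 192.168.1.10.40000 > 10.0.1.5.80: Flags [F.], seq 1, ack 1, win 65535, length 0
"""

# "HH:MM:SS.ffffff IP src.port > dst.port: Flags [..]" lines from tcpdump -n
PKT = re.compile(r'^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]')
# The truncated-length packets the post mentions carry no addresses at all
BADLEN = re.compile(r'^(\S+) IP bad-len 0\b')

def to_seconds(ts):
    h, m, s = ts.split(':')
    return int(h) * 3600 + int(m) * 60 + float(s)

def flow_key(a, ap, b, bp):
    # Direction-independent key so both halves of a connection match
    ends = sorted([(a, int(ap)), (b, int(bp))])
    return f"{ends[0][0]}:{ends[0][1]} <-> {ends[1][0]}:{ends[1][1]}"

def triage(text, window=1.0):
    """Return (suspects, bad_len_count). A suspect is a FIN/RST seen at most
    `window` seconds after a bad-len packet, with the flow, flags and delay."""
    bad_times, suspects = [], []
    for line in text.splitlines():
        m = BADLEN.match(line)
        if m:
            bad_times.append(to_seconds(m.group(1)))
            continue
        m = PKT.match(line)
        if not m:
            continue
        t, flags = to_seconds(m.group(1)), m.group(6)
        if 'F' not in flags and 'R' not in flags:
            continue
        deltas = [t - b for b in bad_times if 0 <= t - b <= window]
        if deltas:
            suspects.append({"flow": flow_key(*m.group(2, 3, 4, 5)),
                             "flags": flags, "delay": round(min(deltas), 3)})
    return suspects, len(bad_times)

if __name__ == "__main__":
    for s in triage(SAMPLE)[0]:
        print(f"{s['flow']} closed with [{s['flags']}] {s['delay']}s after bad-len 0")
```

Flows that close well after the last bad-len event are left out, so a match list that tracks the dropped sessions one-for-one points at the length-0 packets rather than at the PF state table.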



