From: Chris Marlatt
Organization: Receive Security
Date: Fri, 07 Mar 2008 17:56:21 -0500
To: Lorenz Helleis
Cc: freebsd-pf@freebsd.org
Subject: Re: Res: Res: Res: Dropped Packets
Message-ID: <47D1C815.5050004@rxsec.com>
In-Reply-To: <312816.32112.qm@web53707.mail.re2.yahoo.com>

Lorenz Helleis wrote:
> Indeed, do you have any min & max number for bps and pps for this
> firewall's internal and external interfaces? On which interface are you
> dropping the packets?
>
> Regards,
>
> Chris
>
> 300Mbps and 20.000 pps. But I will do a biggest firewall.
>
> This is an internal firewall... I think the entry in the table session is disappearing, so the client needs to make another connection. I'm thinking about creating a stateless rule.
>

Do the machines generating the traffic have multiple paths? The only time
I've really seen pf have problems with sessions is when the devices send
and receive traffic via different paths or multiple paths (i.e. traffic
comes in via firewall01 but goes out firewall02 and firewall01 and
firewall02 do not implement pfsync).

Regards,

Chris
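
Added example, not part of the original message and not pf's own code: a toy model of the asymmetric-path case described above, where two stateful firewalls each keep their own state table and replies return through the one that never saw the connection start. The policy (new connections pass on the initial SYN, everything else needs state), the addresses and the trace are assumptions made for illustration; real pf also tracks TCP sequence windows, which this model ignores.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn_only: bool = False  # True only for the initial SYN of a connection

    def flow(self):
        # Direction-independent key, so a reply matches the state its request created.
        return frozenset({(self.src, self.sport), (self.dst, self.dport)})

@dataclass
class Firewall:
    name: str
    states: set = field(default_factory=set)
    peers: list = field(default_factory=list)  # firewalls that receive state updates

    def filter(self, pkt):
        """Assumed policy: pass new connections, otherwise require existing state."""
        if pkt.flow() in self.states:
            return "pass"
        if pkt.syn_only:
            self.states.add(pkt.flow())
            for peer in self.peers:  # stands in for pfsync state replication
                peer.states.add(pkt.flow())
            return "pass"
        return "drop"  # mid-connection packet with no matching state

def run(trace, synced):
    """Judge each packet on its own; in practice the handshake stalls at the first drop."""
    fw = {n: Firewall(n) for n in ("firewall01", "firewall02")}
    if synced:
        fw["firewall01"].peers.append(fw["firewall02"])
        fw["firewall02"].peers.append(fw["firewall01"])
    return [(name, fw[name].filter(pkt)) for name, pkt in trace]

# Constructed trace: client packets cross firewall01, replies come back via firewall02.
CLIENT, SERVER = ("10.1.0.5", 40000), ("192.0.2.10", 80)
TRACE = [
    ("firewall01", Packet(*CLIENT, *SERVER, syn_only=True)),  # SYN
    ("firewall02", Packet(*SERVER, *CLIENT)),                 # SYN-ACK
    ("firewall01", Packet(*CLIENT, *SERVER)),                 # ACK
]

if __name__ == "__main__":
    print("no sync:", run(TRACE, synced=False))
    print("synced: ", run(TRACE, synced=True))
```

Without replication the SYN-ACK is dropped at firewall02 because only firewall01 holds the state; with replication all three packets pass.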