Date: Fri, 07 Mar 2008 17:56:21 -0500 From: Chris Marlatt <cmarlatt@rxsec.com> To: Lorenz Helleis <lorenzhelleis@yahoo.com.br> Cc: freebsd-pf@freebsd.org Subject: Re: Res: Res: Res: Dropped Packets Message-ID: <47D1C815.5050004@rxsec.com> In-Reply-To: <312816.32112.qm@web53707.mail.re2.yahoo.com> References: <312816.32112.qm@web53707.mail.re2.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Lorenz Helleis wrote: > Indeed, do you have any min & max number for bps and pps for this > firewall's internal and external interfaces? On which interface are you > dropping the packets? > > Regards, > > Chris > > > > 300Mbps and 20.000 pps. But i will do a biggest firewall. > > This is an internal firewall... I think the entry in the table session is desapearing, so the client needs to make another conection. I´m thinking about create a stateless rule. > Do the machines generating the traffic have multiple paths? The only time I've really seen pf have problems with sessions is when the devices send and receive traffic via different paths or multiple paths (i.e. traffic comes in via firewall01 but goes out firewall02 and firewall01 and firewall02 do not implement pfsync). Regards, Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47D1C815.5050004>