Date: Sat, 14 Dec 2019 14:15:29 -0800
From: Chris <bsd-lists@BSDforge.com>
To: "John W. OBrien" <john@saltant.com>
Cc: FreeBSD Networking <freebsd-net@freebsd.org>
Subject: Re: NAT64 return traffic vanishes after successful de-alias
Message-ID: <2401399a05f75fa4b78f4d66c67c9e97@udns.ultimatedns.net>
In-Reply-To: <9f3ee846-1357-0b73-cc0f-e001ea74b15c@saltant.com>

On Sat, 14 Dec 2019 14:54:26 -0500 John W. OBrien john@saltant.com said

> Hello FreeBSD Networking,
>
> As the subject summarizes, I have a mostly-working NAT64 rig, but return
> traffic is disappearing, and I haven't been able to figure out why. I
> observe the post-translation (4-to-6) packets via ipfwlog0, but a simple
> ipfw counter rule ipfw matches nothing.
>
> My attempt to develop a minimum reproducible example failed in the sense
> that I did not reproduce the problem. Of course, this implies that one
> of the many differences between the simplified test (EC2 instance, two
> jails) and the problem rig (physical server, lagg, vlans, other things
> going on) is the cause.
>
> What I am hoping this list can help me with is being smart about what I
> try next. Otherwise, I would probably just try to brute force a solution
> by thinking of ways to permute the config that would rule each possible
> difference in or out.
>
> So far my main troubleshooting tools have been ipfw for its rule
> counters and nat64lsn stats output, netstat to look at fibs, and tcpdump
> pointed at real and diagnostic interfaces. What debugging tools and
> techniques should I employ to do better than brute force?
>
> If it would help, I would gladly share the working, EC2/jail demo
> configs on the list. Sharing the non-working configs I would prefer to
> do privately or not at all.
>
> This is on 12.1-RELEASE.
>
> Thank you,

pf(4) is pretty close to metal, and would probably be a good candidate
for acquiring the type of statistics you're hoping to find;
pfctl(8), pfctl -s, and pfctl -T are a few examples.

HTH

--Chris

>
> --
> John W. O'Brien
> OpenPGP keys:
> 0x33C4D64B895DBF3B