Date: Fri, 15 Aug 2003 00:50:14 -0700 (PDT) From: Ruslan Ermilov <ru@FreeBSD.org> To: ipfw@FreeBSD.org Subject: Re: kern/47529: natd/ipfw lose TCP packets for firewalled machines Message-ID: <200308150750.h7F7oEfp017507@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/47529; it has been noted by GNATS. From: Ruslan Ermilov <ru@FreeBSD.org> To: Martin Bartelds <bts@iaehv.nl> Cc: bug-followup@FreeBSD.org Subject: Re: kern/47529: natd/ipfw lose TCP packets for firewalled machines Date: Fri, 15 Aug 2003 10:42:51 +0300 On Thu, Aug 14, 2003 at 08:58:09PM +0200, Martin Bartelds wrote: > I'm not sure about the legitimacy of the "closed" action. > > I do have at least one FW/FTP system with NAT which experiences > significant packet losses since I moved to IPFW2. Even ping's get lost > every now and then, whereas previously with IPFW this didn't happen. > Apart from the lost ping's, I also see a lot of hickups when collecting email > and doing FTP throught the FW/NAT. Locally and to/from the backbone > everything seems to be perfect, only once NAT is involved I do have > packet losses. I do use IPFW2's features IPLen, queue, pipe, recv and xmit. > Between the FW/FTP server and the backbone, I do have transfer rates > of up to 600 Kbyte/s on a 7.6 Mbit pipe. These transfers don't seem to > suffer from the hickups. > > If you do have suggestions how to pinpoint this to a more definated > point of failure, I'm open for testing. > I wish you would mention that your problem is bound to IPFW2 in the PR. Whatever, does the problem still exist in recent versions of 5.1-CURRENT? If not, please try it. If so, please give us simple steps to reproduce the problem. It should be possible for you, since you tell me that you believe the problem is with FW/NAT, so please start from a simple config, and see if the problem exists. If not, add features that you need, and see again. Cheers, -- Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software Ltd, ru@FreeBSD.org FreeBSD committer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308150750.h7F7oEfp017507>