Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 15 Aug 2003 00:50:14 -0700 (PDT)
From:      Ruslan Ermilov <>
Subject:   Re: kern/47529: natd/ipfw lose TCP packets for firewalled machines
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help
The following reply was made to PR kern/47529; it has been noted by GNATS.

From: Ruslan Ermilov <>
To: Martin Bartelds <>
Subject: Re: kern/47529: natd/ipfw lose TCP packets for firewalled machines
Date: Fri, 15 Aug 2003 10:42:51 +0300

 On Thu, Aug 14, 2003 at 08:58:09PM +0200, Martin Bartelds wrote:
 > I'm not sure about the legitimacy of the "closed" action.
 > I do have at least one FW/FTP system with NAT which experiences
 > significant packet losses since I moved to IPFW2. Even ping's get lost
 > every now and then, whereas previously with IPFW this didn't happen.
 > Apart from the lost ping's, I also see a lot of hickups when collecting email
 > and doing FTP throught the FW/NAT. Locally and to/from the backbone
 > everything seems to be perfect, only once NAT is involved I do have
 > packet losses. I do use IPFW2's features IPLen, queue, pipe, recv and xmit.
 > Between the FW/FTP server and the backbone, I do have transfer rates
 > of up to 600 Kbyte/s on a 7.6 Mbit pipe. These transfers don't seem to
 > suffer from the hickups.
 > If you do have suggestions how to pinpoint this to a more definated
 > point of failure, I'm open for testing.
 I wish you would mention that your problem is bound to IPFW2 in the PR.
 Whatever, does the problem still exist in recent versions of 5.1-CURRENT?
 If not, please try it.  If so, please give us simple steps to reproduce
 the problem.  It should be possible for you, since you tell me that you
 believe the problem is with FW/NAT, so please start from a simple config,
 and see if the problem exists.  If not, add features that you need, and
 see again.
 Ruslan Ermilov		Sysadmin and DBA,		Sunbay Software Ltd,		FreeBSD committer

Want to link to this message? Use this URL: <>