Date: Fri, 15 Aug 2003 00:50:14 -0700 (PDT)
Message-Id: <200308150750.h7F7oEfp017507@freefall.freebsd.org>
To: ipfw@FreeBSD.org
From: Ruslan Ermilov
Subject: Re: kern/47529: natd/ipfw lose TCP packets for firewalled machines

The following reply was made to PR kern/47529; it has been noted by GNATS.

From: Ruslan Ermilov
To: Martin Bartelds
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/47529: natd/ipfw lose TCP packets for firewalled machines
Date: Fri, 15 Aug 2003 10:42:51 +0300

On Thu, Aug 14, 2003 at 08:58:09PM +0200, Martin Bartelds wrote:
> I'm not sure about the legitimacy of the "closed" action.
>
> I do have at least one FW/FTP system with NAT which experiences
> significant packet losses since I moved to IPFW2. Even pings get lost
> every now and then, whereas previously with IPFW this didn't happen.
> Apart from the lost pings, I also see a lot of hiccups when collecting email
> and doing FTP through the FW/NAT. Locally and to/from the backbone
> everything seems to be perfect, only once NAT is involved I do have
> packet losses. I do use IPFW2's features IPLen, queue, pipe, recv and xmit.
> Between the FW/FTP server and the backbone, I do have transfer rates
> of up to 600 Kbyte/s on a 7.6 Mbit pipe. These transfers don't seem to
> suffer from the hiccups.
>
> If you do have suggestions how to pinpoint this to a more definite
> point of failure, I'm open for testing.
>

I wish you would mention that your problem is bound to IPFW2 in the PR.

Whatever, does the problem still exist in recent versions of 5.1-CURRENT?
If not, please try it. If so, please give us simple steps to reproduce
the problem. It should be possible for you, since you tell me that you
believe the problem is with FW/NAT, so please start from a simple config,
and see if the problem exists. If not, add features that you need, and
see again.

Cheers,
--
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software Ltd,
ru@FreeBSD.org		FreeBSD committer