Hi Bjoern. My apologies for the delay in response.
> and no rules specific to ICMP? The only ICMP-specific rules allow everything through; [host1] ~# ipfw show | grep icmp 01700 35776 3023614 pipe 25 icmp from any to table(1) in via em0 01701 35776 3023614 skipto 1999 icmp from any to table(1) in via em0 01702 35009 2970684 pipe 26 icmp from table(1) to any out via em0 01703 35009 2970684 skipto 1999 icmp from table(1) to any out via em0 02004 37204 3144438 allow icmp from any to table(1) in via em0 02005 41289 3498204 allow icmp from table(1) to any out via em0 And similarly for host2; [host2] ~# ipfw show | grep icmp 01700 21550 1789832 pipe 25 icmp from any to table(1) in via fxp0 01701 21550 1789832 skipto 1999 icmp from any to table(1) in via fxp0 01702 21190 1770208 pipe 26 icmp from table(1) to any out via fxp0 01703 21190 1770208 skipto 1999 icmp from table(1) to any out via fxp0 02004 22899 1903148 allow icmp from any to table(1) in via fxp0 02005 27470 2297728 allow icmp from table(1) to any out via fxp0 > can you start trying with ping -s 1000 and going up to see when it > starts to fail? Try to find out exactly. It appears to be fine up until between 8000 and 9000, without any issues. Up to 8000, its appears to be fine. [host1] ~# ping -s 8000 citadel.os.org.za PING host2 (y.y.y.y): 8000 data bytes 8008 bytes from y.y.y.y: icmp_seq=0 ttl=112 time=533.652 ms 8008 bytes from y.y.y.y: icmp_seq=1 ttl=112 time=544.826 ms 8008 bytes from y.y.y.y: icmp_seq=2 ttl=112 time=531.899 ms 8008 bytes from y.y.y.y: icmp_seq=3 ttl=112 time=581.185 ms 8008 bytes from y.y.y.y: icmp_seq=4 ttl=112 time=674.831 ms 8008 bytes from y.y.y.y: icmp_seq=5 ttl=112 time=674.271 ms ^C --- host2 ping statistics --- 7 packets transmitted, 6 packets received, 14% packet loss round-trip min/avg/max/stddev = 531.899/590.111/674.831/61.870 ms By 9000, it starts to drop packets. [host1] ~# ping -s 9000 host2 PING host2 (y.y.y.y): 9000 data bytes 9008 bytes from y.y.y.y: icmp_seq=0 ttl=112 time=554.908 ms 9008 bytes from y.y.y.y: icmp_seq=2 ttl=112 time=527.464 ms 9008 bytes from y.y.y.y: icmp_seq=3 ttl=112 time=553.512 ms 9008 bytes from y.y.y.y: icmp_seq=4 ttl=112 time=755.606 ms 9008 bytes from y.y.y.y: icmp_seq=5 ttl=112 time=484.681 ms 9008 bytes from y.y.y.y: icmp_seq=6 ttl=112 time=485.256 ms 9008 bytes from y.y.y.y: icmp_seq=7 ttl=112 time=488.802 ms 9008 bytes from y.y.y.y: icmp_seq=8 ttl=112 time=491.750 ms 9008 bytes from y.y.y.y: icmp_seq=9 ttl=112 time=493.689 ms 9008 bytes from y.y.y.y: icmp_seq=11 ttl=112 time=547.049 ms 9008 bytes from y.y.y.y: icmp_seq=12 ttl=112 time=668.788 ms 9008 bytes from y.y.y.y: icmp_seq=13 ttl=112 time=479.957 ms 9008 bytes from y.y.y.y: icmp_seq=14 ttl=112 time=478.519 ms 9008 bytes from y.y.y.y: icmp_seq=15 ttl=112 time=479.967 ms 9008 bytes from y.y.y.y: icmp_seq=16 ttl=112 time=480.166 ms 9008 bytes from y.y.y.y: icmp_seq=17 ttl=112 time=492.812 ms ^C --- host2 ping statistics --- 18 packets transmitted, 16 packets received, 11% packet loss round-trip min/avg/max/stddev = 478.519/528.933/755.606/75.693 ms At 15000, it is fairly horrendous [host1] ~# ping -s 15000 host2 PING host2 (y.y.y.y): 15000 data bytes 15008 bytes from y.y.y.y: icmp_seq=1 ttl=112 time=510.439 ms 15008 bytes from y.y.y.y: icmp_seq=2 ttl=112 time=497.274 ms 15008 bytes from y.y.y.y: icmp_seq=5 ttl=112 time=536.947 ms 15008 bytes from y.y.y.y: icmp_seq=6 ttl=112 time=567.623 ms 15008 bytes from y.y.y.y: icmp_seq=7 ttl=112 time=534.828 ms 15008 bytes from y.y.y.y: icmp_seq=8 ttl=112 time=534.521 ms 15008 bytes from y.y.y.y: icmp_seq=13 ttl=112 time=574.470 ms 15008 bytes from y.y.y.y: icmp_seq=16 ttl=112 time=588.514 ms 15008 bytes from y.y.y.y: icmp_seq=17 ttl=112 time=575.090 ms 15008 bytes from y.y.y.y: icmp_seq=21 ttl=112 time=548.478 ms ^C --- host2 ping statistics --- 23 packets transmitted, 10 packets received, 56% packet loss round-trip min/avg/max/stddev = 497.274/546.818/588.514/28.122 ms > Also could you post the relevant netstat -rnW output? On host1; [host1] ~# netstat -rnW Routing tables Internet: Destination Gateway Flags Refs Use Mtu Netif Expire default x.x.x.1 UGS 0 705597552 1000 em0 127.0.0.1 127.0.0.1 UH 0 2887710 16384 lo0 x.x.x link#1 UC 0 0 1500 em0 x.x.x.1 00:00:0c:07:ac:0a UHLW 2 72598 1500 em0 1110 x.x.x.x 00:12:3f:ec:d1:ce UHLW 1 28404610 1500 lo0 Internet6: Destination Gateway Flags Refs Use Mtu Netif Expire ::1 ::1 UH 0 0 16384 lo0 fe80::%em0/64 link#1 UC 0 0 1500 em0 fe80::212:3fff:feec:d1ce%em0 00:12:3f:ec:d1:ce UHL 0 0 1500 lo0 fe80::%lo0/64 fe80::1%lo0 U 0 0 16384 lo0 fe80::1%lo0 fe80::1%lo0 UHL 0 0 16384 lo0 ff01:1::/32 link#1 UC 0 0 1500 em0 ff01:3::/32 ::1 UC 0 0 16384 lo0 ff02::%em0/32 link#1 UC 0 0 1500 em0 ff02::%lo0/32 ::1 UC 0 0 16384 lo0 And on host2; [host2] ~# netstat -rnW Routing tables Internet: Destination Gateway Flags Refs Use Mtu Netif Expire default y.y.y.185 UGS 0 187571667 1500 fxp0 127.0.0.1 127.0.0.1 UH 0 8689214 16384 lo0 y.y.y.185 00:0f:34:b7:dc:7f UHLW 2 72625 1500 fxp0 747 y.y.y.y 00:02:b3:eb:21:db UHLW 1 43334553 1500 lo0 Internet6: Destination Gateway Flags Refs Use Mtu Netif Expire ::1 ::1 UH 0 0 16384 lo0 fe80::%fxp0/64 link#1 UC 0 0 1500 fxp0 fe80::202:b3ff:feeb:21db%fxp0 00:02:b3:eb:21:db UHL 0 0 1500 lo0 fe80::%lo0/64 fe80::1%lo0 U 0 0 16384 lo0 fe80::1%lo0 fe80::1%lo0 UHL 0 0 16384 lo0 ff01:1::/32 link#1 UC 0 0 1500 fxp0 ff01:3::/32 ::1 UC 0 0 16384 lo0 ff02::%fxp0/32 link#1 UC 0 0 1500 fxp0 ff02::%lo0/32 ::1 UC 0 0 16384 lo0 Thanks for your assistance! -- Khetan Gajjar _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
