On Fri, 20 Jan 2017, Kristof Provost wrote:

> On 20 Jan 2017, at 22:12, Ermal Luçi wrote:
>> Most probably your timeouts are aggressive on states garbage collection.
>> Give a look to those state limit teardown it might improve things.
>
> Less than 30 seconds seems extremely quick to time out.
> I also wouldn’t expect pf to set up NAT state in the middle of a TCP connection.
>
> It’s certainly worth a try to play with the timeouts though.
>
> It might be interesting to see what they’re set to right now. `pfctl -s all` should show them.

I had the defaults as shown by others, except src.track was zero by default. Setting this to 30 suddenly let some static content sites work, like img.bbstatic.com for BestBuy's website.
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"