On Sat, 14 Dec 2019 14:54:26 -0500 John W. OBrien j...@saltant.com said
Hello FreeBSD Networking,

As the subject summarizes, I have a mostly-working NAT64 rig, but return traffic is disappearing, and I haven't been able to figure out why. I observe the post-translation (4-to-6) packets via ipfwlog0, but a simple ipfw counter rule ipfw matches nothing.

My attempt to develop a minimum reproducible example failed in the sense that I did not reproduce the problem. Of course, this implies that one of the many differences between the simplified test (EC2 instance, two jails) and the problem rig (physical server, lagg, vlans, other things going on) is the cause.

What I am hoping this list can help me with is being smart about what I try next. Otherwise, I would probably just try to brute force a solution by thinking of ways to permute the config that would rule each possible difference in or out.

So far my main troubleshooting tools have been ipfw for its rule counters and nat64lsn stats output, netstat to look at fibs, and tcpdump pointed at real and diagnostic interfaces. What debugging tools and techniques should I employ to do better than brute force?

If it would help, I would gladly share the working, EC2/jail demo configs on the list. Sharing the non-working configs I would prefer to do privately or not at all.

This is on 12.1-RELEASE.

Thank you,

pf(4) is pretty close to metal, and would probably be a good candidate for acquiring the type of statistics you're hoping to find; pfctl(8), pfctl -s, and pfctl -T are a few examples.

HTH

--Chris

-- John W. O'Brien OpenPGP keys: 0x33C4D64B895DBF3B
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"