On 2019/12/14 17:15, Chris wrote:
> On Sat, 14 Dec 2019 14:54:26 -0500 John W. OBrien j...@saltant.com said
>
>> Hello FreeBSD Networking,
>>
>> As the subject summarizes, I have a mostly-working NAT64 rig, but return
>> traffic is disappearing, and I haven't been able to figure out why. I
>> observe the post-translation (4-to-6) packets via ipfwlog0, but a simple
>> ipfw counter rule ipfw matches nothing.
>>
>> My attempt to develop a minimum reproducible example failed in the sense
>> that I did not reproduce the problem. Of course, this implies that one
>> of the many differences between the simplified test (EC2 instance, two
>> jails) and the problem rig (physical server, lagg, vlans, other things
>> going on) is the cause.
>>
>> What I am hoping this list can help me with is being smart about what I
>> try next. Otherwise, I would probably just try to brute force a solution
>> by thinking of ways to permute the config that would rule each possible
>> difference in or out.
>>
>> So far my main troubleshooting tools have been ipfw for its rule
>> counters and nat64lsn stats output, netstat to look at fibs, and tcpdump
>> pointed at real and diagnostic interfaces. What debugging tools and
>> techniques should I employ to do better than brute force?
>>
>> If it would help, I would gladly share the working, EC2/jail demo
>> configs on the list. Sharing the non-working configs I would prefer to
>> do privately or not at all.
>>
>> This is on 12.1-RELEASE.
>>
>> Thank you,
>
> pf(4) is pretty close to metal, and would probably be a good candidate for
> acquiring the type of statistics you're hoping to find; pfctl(8), pfctl -s,
> and pfctl -T are a few examples.

Hi Chris,

Thank you for the suggestion. I think I need a little help understanding
how I would put it into practice though. The nat64lsn module is part of
the ipfw firewall, and pf in FreeBSD hasn't yet picked up a NAT64
capability, so I cannot abandon ipfw in this case. Is the idea to run
ipfw and pf at the same time?

-- 
John W. O'Brien
OpenPGP keys:
    0x33C4D64B895DBF3B