Hello all.  I recently replaced my router with a FreeBSD/11 box (stable/11 
r308579).  I am running a lagg device across two bce’s, and 802.1q vlan 
interfaces atop lagg0.  I’m using pf to NAT/filter out through a single outside 
IP address.

I’m having the following problem.  Some devices appear to be having trouble 
passing traffic.  Of course, I first assumed I was doing something wrong with 
my pf filters, but I believe now that’s not the problem.  One client machine (a 
TiVo Roamio) that produces a failure reliably, so I’ve been using it for 
testing, is showing that during a TCP session, which starts up fine, in the 
middle of a POST operation to an outside server, there are 1500 byte packets.  
These packets have the DF bit in the IP header, and then never show up on the 
external interface (vlan0).  Smaller packets in the same TCP stream do.  But, 
I’m also not seeing the ICMP from the router back to the client telling it that 
it cannot send the packet.

I have tried all sorts of changes to my pf rules, including now allowing all 
ICMP unconditionally on all interfaces (pass out log quick inet proto icmp 
all).  I have packet traces during the failed communication across pflog0, 
vlan0 (external network) and vlan7 (internal network).  I’d be happy to answer 
any questions, or provide the traces off-list.

Does anyone have any idea what I’ve missed?  Thank you very much for your help.

                                - Chris
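One way to check the vlan7/vlan0 traces described above for exactly this symptom, as an added example that is not part of the original post: it reads constructed tcpdump-style lines tagged with the capture interface (the interface names follow the post; the addresses, IP ids and the MTU value are made up) and reports, per inside client, which DF packets never appeared on the outside interface and whether any ICMP "need to frag" went back to it. It assumes pf leaves IP ids untouched (no `scrub random-id`), since that is how packets are matched across the two interfaces.

```python
import re
from collections import defaultdict

# Constructed trace lines, one packet per line, in the shape of `tcpdump -nv`
# output prefixed with the capture interface. Not real captures from the router.
TRACE = """\
vlan7 IP (ttl 64, id 4101, flags [DF], proto TCP (6), length 1500) 192.168.7.20.41000 > 203.0.113.10.443: Flags [P.]
vlan0 IP (ttl 63, id 4101, flags [DF], proto TCP (6), length 1500) 198.51.100.2.41000 > 203.0.113.10.443: Flags [P.]
vlan7 IP (ttl 64, id 4102, flags [DF], proto TCP (6), length 1500) 192.168.7.20.41000 > 203.0.113.10.443: Flags [.]
vlan7 IP (ttl 64, id 4103, flags [DF], proto TCP (6), length 92) 192.168.7.20.41000 > 203.0.113.10.443: Flags [P.]
vlan0 IP (ttl 63, id 4103, flags [DF], proto TCP (6), length 92) 198.51.100.2.41000 > 203.0.113.10.443: Flags [P.]
vlan7 IP (ttl 64, id 4104, flags [DF], proto TCP (6), length 1500) 192.168.7.20.41000 > 203.0.113.10.443: Flags [.]
vlan7 IP (ttl 64, id 9001, flags [DF], proto TCP (6), length 1500) 192.168.7.30.52000 > 203.0.113.10.443: Flags [.]
vlan7 IP (ttl 64, id 77, flags [none], proto ICMP (1), length 576) 192.168.7.1 > 192.168.7.30: ICMP 203.0.113.10 unreachable - need to frag (mtu 1492)
"""

LINE = re.compile(r"^(\S+) IP \(ttl \d+, id (\d+), flags \[([^\]]*)\], proto (\w+) \(\d+\), "
                  r"length (\d+)\) (\S+) > (\S+): (.*)$")

def host(addr, proto):
    # tcpdump appends the port as a final dotted component for TCP/UDP only
    return addr.rsplit(".", 1)[0] if proto in ("TCP", "UDP") else addr

def parse(line):
    m = LINE.match(line)
    if not m:
        raise ValueError("unrecognised trace line: " + line)
    iface, ipid, flags, proto, length, src, dst, info = m.groups()
    return {"iface": iface, "id": int(ipid), "df": "DF" in flags, "proto": proto,
            "length": int(length), "src": host(src, proto), "dst": host(dst, proto), "info": info}

def analyze(trace, inside="vlan7", outside="vlan0"):
    """Per inside client: DF packets that never showed up on the outside interface,
    and how many ICMP 'need to frag' messages the router sent back to that client.
    Packets are matched across interfaces by (IP id, destination host), which assumes
    pf is not randomising IP ids (no `scrub random-id`)."""
    pkts = [parse(ln) for ln in trace.splitlines() if ln.strip()]
    forwarded = {(p["id"], p["dst"]) for p in pkts if p["iface"] == outside}
    per_client = defaultdict(lambda: {"df_dropped": [], "icmp_needfrag": 0})
    for p in pkts:
        if p["iface"] != inside:
            continue
        if p["proto"] == "ICMP" and "need to frag" in p["info"]:
            per_client[p["dst"]]["icmp_needfrag"] += 1
        elif p["df"] and (p["id"], p["dst"]) not in forwarded:
            per_client[p["src"]]["df_dropped"].append((p["id"], p["length"]))
    for c in per_client.values():
        # dropped DF packets with no ICMP back to the sender is the PMTU black-hole symptom
        c["blackhole"] = bool(c["df_dropped"]) and c["icmp_needfrag"] == 0
    return dict(per_client)
```

In the constructed data, 192.168.7.20 loses its 1500-byte DF packets without any ICMP (the black-hole case), while 192.168.7.30 loses one but is told about it.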

_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf