* Stuart Henderson <[EMAIL PROTECTED]> [060614 11:34]:
> On 2006/06/14 08:53, Thomas Bader wrote:
> > As long as traffic gets routed from LAN via r0a to r0b every
> > large download just stalls after a few kbytes. With tcpdump
> > I found out that the first few kbytes make it through and
> > afterwards ICMP host-unreachable messages will be generated.
>
> This feels like a path-mtu problem, is em0 using jumbo frames?
> If that's the problem, scrub max-mss should help.

According to ifconfig all my interfaces have an MTU of 1500 set - so, jumbo frames are not getting used at all. My em0 doesn't even have a 1Gbit connection; everything is at 100Mbit.

As far as I understand, flushing the PF rules shouldn't make any difference if the problem were something like path-mtu (after flushing the PF rules on both boxes, everything works well). I also disabled the two "scrub" rules before loading my pf.conf. This also did not help. Do you have any suggestions about trying "scrub" with different options (for example, max-mss)?

The key is somewhere in the difference between having rules loaded and clearing them with "pfctl -F rules" (which does not disable PF, it only flushes the filter rules). I haven't yet found the difference which leads to my problem. Any help is greatly appreciated.

I even once thought about the states - maybe the connection gets stalled because PF loses the state table entry. I haven't yet found a way to debug further in this direction. pfsync apparently seems to work well (for example, if the fail-over occurs my open ssh sessions aren't killed, they are still usable). Any suggestions here?

Regards,
Thomas.