OK - the 100%-loss is explained since the packets are coming through an ipsec-vpn-tunnel and while experimenting, I disallowed udp 500 and esp-packets... Sorry for the confusion.
Now this is corrected, but I still have the effect of the massive packet loss in cycles - regardless of whether I have NAT activated or not.

Cheers,
Kai

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Kai Krebber
Sent: Monday, 10 May 2010 09:54
To: [email protected]
Subject: Re: [networking-discuss] ipfilter passes only 15% of the packets

Sorry - forgot to mention: I'm using the latest stable version 2009.06.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Kai Krebber
Sent: Monday, 10 May 2010 09:51
To: [email protected]
Subject: [networking-discuss] ipfilter passes only 15% of the packets

Hi!

I just started with ipfilter on OpenSolaris. I'm experiencing a (IMHO) strange behaviour: I am using OpenSolaris as a filtering router and, for testing, allowing traffic to a particular system:

r...@kunde003-wan:/etc/ipf# ipfstat -io
empty list for ipfilter(out)
pass in log quick on wan3001 from 213.172.123.138/32 to 213.172.115.4/32
pass in log quick on wan3001 from 120.0.0.0/24 to 213.172.115.4/32

In conjunction with NAT, I can see about 14-15 ICMP echo requests from 120.0.0.33 hitting 213.172.115.4 and then the next about 34-37 ICMP echo requests get dropped by OpenSolaris (the cycle repeats permanently with slightly varying numbers).

Out of curiosity, I commented out the NAT rule and refreshed ipfilter. Now, no packets get routed to the target at all. I then re-enabled the NAT rule and refreshed ipfilter. Still - no packets get routed to the target.

What is causing this inconsistent behavior and how can I stabilize the functionality?

Cheers,
Kai

_______________________________________________
networking-discuss mailing list
[email protected]
