I continue to try to use NAT with pf on OpenBSD.
I send 1000 SNMP requests (UDP packets) to 1000 different IPs.
The packets pass from interface bge0 to interface bge1.
I put the NAT on interface bge1.
There is a significant loss of packets.
The counter "Packets In/Blocked" for interface bge0 indicates a value
of 124. Why?
pfctl -s all
TRANSLATION RULES:
nat on bge1 inet from 172.19.40.0/24 to 10.128.0.0/9 -> (bge1) round-robin
FILTER RULES:
block drop in log all
block drop out log all
pass out all keep state
pass quick on lo all
pass quick on bge0 all
No queue in use
STATES:
self udp 172.19.40.169:1024 -> 192.168.13.3:52939 -> 10.128.1.0:161
SINGLE:NO_TRAFFIC
self udp 172.19.40.169:1024 -> 192.168.13.3:54406 -> 10.128.2.0:161
SINGLE:NO_TRAFFIC
self udp 172.19.40.169:1024 -> 192.168.13.3:55997 -> 10.128.0.1:161
SINGLE:NO_TRAFFIC
self udp 172.19.40.169:1024 -> 192.168.13.3:50088 -> 10.128.1.1:161
SINGLE:NO_TRAFFIC
self udp 172.19.40.169:1024 -> 192.168.13.3:59982 -> 10.128.2.1:161
SINGLE:NO_TRAFFIC
self udp 172.19.40.169:1024 -> 192.168.13.3:59460 -> 10.128.0.2:161
SINGLE:NO_TRAFFIC
self udp 172.19.40.169:1024 -> 192.168.13.3:64233 -> 10.128.1.2:161
SINGLE:NO_TRAFFIC
..
self udp 172.19.40.169:1024 -> 192.168.13.3:56339 -> 10.128.0.255:161
SINGLE:NO_TRAFFIC
self udp 172.19.40.169:1024 -> 192.168.13.3:55663 -> 10.128.1.255:161
SINGLE:NO_TRAFFIC
INFO:
Status: Enabled for 0 days 00:00:32           Debug: Misc
Hostid: 0x500b7878
Interface Stats for bge0              IPv4             IPv6
  Bytes In                           77763                0
  Bytes Out                          72860              352
  Packets In
    Passed                            1007                0
    Blocked                            124                0
  Packets Out
    Passed                             101                1
    Blocked                              0                4
State Table                          Total             Rate
  current entries                      872
  searches                            2986           93.3/s
  inserts                              872           27.2/s
  removals                               0            0.0/s
Counters
  match                               1990           62.2/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
TIMEOUTS:
tcp.first 3600s
tcp.opening 900s
tcp.established 432000s
tcp.closing 3600s
tcp.finwait 600s
tcp.closed 180s
tcp.tsdiff 60s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 0 states
adaptive.end 0 states
src.track 0s
LIMITS:
states hard limit 200000
src-nodes hard limit 10000
frags hard limit 5000
TABLES:
OS FINGERPRINTS:
345 fingerprints loaded
/root #