Incoming TCP not passing through NAT
-
Hello,
I'm trying to use an SFP NIC to connect to the internet. I have set up my interfaces as:
WAN - PPPOE0(cxl1.3900); PPPoE on SFP NIC using VLAN 3900
LAN - igb0; Intel Ethernet NIC
MGMT - cxl1; SFP management interface (needed for configuring the SFP serial number, version, etc.)
With this I can ping public IPs (ex. 1.1.1.1) and DNS also works. But when I try to make TCP connections the response never makes it back to the client. If I make a packet capture I see the response (albeit on the MGMT interface, not on the WAN interface) and it has the correct VLAN ID and destination port, it just doesn't seem to get translated back to the local IP.
My NAT mode is set to hybrid, but I'm only using automatically generated rules. I think the problem has to do with the fact that I'm using multiple interfaces on the same network port (cxl1).
-
Update:
This might not be a NAT issue after all. Even if I disable the firewall (under Advanced NAT settings), I still get the same behavior - ICMP and UDP work fine but incoming TCP packets don't make it to the client, even though I can see them in a packet capture. Is it possible that this is related to the MTU size (cannot test right now)?
I also tested a similar configuration on a minimal Debian install, and everything there worked, so I don't think there's some major flaw in my setup.
-
Update:
Turns out it's not just TCP... any packet above 118 bytes gets ignored, but still shows up in packet dump. It's the same issue as in this topic (I'm using the same NIC).
-
Update:
Speaking to Chelsio support, they suggested setting "hw.cxgbe.buffer_packing=0" in "loader.conf". This resolved my issue.
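
A ping size sweep from a LAN client is one way to tell a size-dependent drop like the one described above from a protocol-dependent (NAT or firewall) one. This is an added example, not part of the original post: it assumes FreeBSD ping(8) flags, and `probe`, `largest_passing` and `TARGET` are names made up here.

```shell
#!/bin/sh
# Added example: find the largest ICMP echo payload that still gets a reply.

# probe SIZE -> exit 0 if an echo with SIZE payload bytes was answered.
# Assumption: FreeBSD ping(8) flags (-c count, -s payload size,
# -t timeout in seconds). TARGET defaults to 1.1.1.1, as used in the post.
probe() {
    ping -c 1 -t 2 -s "$1" "${TARGET:-1.1.1.1}" >/dev/null 2>&1
}

# largest_passing LOW HIGH [PROBE_CMD]
# Binary search for the largest size in LOW..HIGH that PROBE_CMD accepts.
# Assumes every size below the cut-off passes and every size above it fails.
# Prints the size, or -1 if even LOW gets no reply.
largest_passing() {
    lo=$1 hi=$2 cmd=${3:-probe}
    "$cmd" "$lo" || { echo -1; return 0; }
    if "$cmd" "$hi"; then echo "$hi"; return 0; fi
    # Invariant from here on: lo passes, hi fails.
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$cmd" "$mid"; then lo=$mid; else hi=$mid; fi
    done
    echo "$lo"
}

# Run the real sweep only when asked to: sh sweep.sh sweep
if [ "${1:-}" = "sweep" ]; then
    # 1472 = 1500-byte Ethernet MTU minus 28 header bytes; a PPPoE link
    # normally tops out a little lower, which is expected.
    max=$(largest_passing 0 1472)
    if [ "$max" -lt 0 ]; then
        echo "no replies at any size: not a size-dependent problem"
    else
        # 28 = 20-byte IPv4 header (no options) + 8-byte ICMP header
        echo "largest payload answered: $max bytes (IPv4 packet: $((max + 28)) bytes)"
    fi
fi
```

A cut-off far below the link MTU points at the receive path rather than at NAT rules; rerun the sweep after changing the driver setting to confirm the cut-off is gone.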