We recently ran into an issue after upgrading a server from FreeBSD 11.2 to 12.1 where throughput via SSH pipes would crash to 48 KB/sec almost instantly after starting.

The odd thing was scp (which uses SSH) was not affected. After ruling out Internet and remote host issues we discovered that the PF rule was missing flags S/SA synproxy state at the end.

So by converting this line in our pf.conf:

pass in on $ext_if proto tcp from any to any port ssh

to this:

pass in on $ext_if proto tcp from any to any port ssh flags S/SA synproxy state

The problem was instantly fixed. I did not track down what the underlying cause was but it seems something changed between FreeBSD 11.2 to 12.1.

Hope this helps!

Call 1-828-376-0458 to Work With Professionals Who Truly Understand FreeBSD

A-Team Systems is a proud supporter of the FreeBSD Foundation and many of our administrators are direct project contributors.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Adam Strohl

FreeBSD & Linux Support

Get Professional Support Now

Only pay for what you need FreeBSD and Linux support services, starting at $165 an hour.