kern/168190: pfil hook leaving ip_len in wrong byte
order (ipfw?)
Michael Spratt
mike at magicislandtechnologies.com
Tue Jun 5 17:49:37 UTC 2012
Dear respected sir/s,
How can I mangle all forwarded packets on freebsd/pf/ipfw/ stamping them
with a hard set MSS like 512, I need to clamp my mss on the freebsd
forwarder/router because of gre tunnels breaking MTUPD for extranet
clients, and some sites like yahoo/hotmail will often not work.
What function in freebsd/pf/ipfw will allow me to tag all my
packets/connections with MSS=512 as I foward them or as they come in or
out of an interface. That would be cool if the OS offered a sysctl
overide.
Linux iptables equivilent of
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
--clamp-mss-to-pmtu
or
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 512
Daniel Hartmeier wrote:
> The problem turned out to be in ipfilter, for more details see
> http://marc.info/?l=freebsd-net&m=133888532814565
>
> Daniel
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
>
More information about the freebsd-ipfw
mailing list