IPFilter, mpd/Netgraph problems on RELENG_4
Peter Pentchev
roam at FreeBSD.org
Tue Dec 14 00:05:54 PST 2004
Hi,
I am seeing a lot of ICMP Must Fragment packets with incorrect ICMP
checksums on a RELENG_4 box which holds up 40-60 PPTP (mpd/Netgraph) VPN
connections at any given time. The peer understandably ignores the ICMP
packet with a bad checksum and never fragments the offending TCP packet,
effectively killing the connection after a while.
A major point is that I'm only seeing them on the interfaces NAT'ed by
ipnat. Is anybody else having trouble with ICMP checkums with IPFilter
3.4.35 on a reasonably recent RELENG_4 box?
FreeBSD unnamed 4.10-STABLE FreeBSD 4.10-STABLE #1: Thu Dec 2 10:31:16 EET 2004 root at unnamed:/usr/obj/usr/src-bsd/4.0S/src/sys/UNNAMED i386
drwxr-xr-x 2 root wheel 512 Dec 2 11:43 /var/db/pkg/mpd-3.18_2
G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence was in the past tense.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20041214/5760c26a/attachment.bin
More information about the freebsd-net
mailing list