[Bug 201590] Zerowindow packets escape stateful in-kernel NAT
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jul 22 15:42:36 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590
--- Comment #2 from Ben Woods <woodsb02 at gmail.com> ---
I can confirm I am also seeing some local network addresses escape out to the
Internet when using IPFW with in-kernel NAT. Indeed it appears to be the
ZeroWindow packets.
# tcpdump -n -e -ttt -i tun0 src net 192.168.0.0/16
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 262144 bytes
00:00:00.000000 AF IPv4 (2), length 44: 192.168.1.103.53186 >
216.58.220.142.443: Flags [.], ack 922876993, win 0, length 0
I am using FreeBSD 11-current r285792 which is current from today.
My IPFW rules also have the inbound NAT rule before the outbound NAT rule as
per the examples in the handbook.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list