Using scrub + rdr gre does not work as expected
Scott Ullrich
sullrich at gmail.com
Thu Jan 18 00:07:00 UTC 2007
Hi,
We are trying to track down an issue when using the Frickin PPTP
proxy. When we use "scrub in all random-id fragment reassemble" the
GRE traffic fails to get rdr'd properly. If we remove the scrub
directive the traffic flows as it should. Here is a look at the state
list both ways:
With scrub:
self gre 192.168.10.198 <- 192.168.10.1 MULTIPLE:MULTIPLE
self gre 192.168.1.199 -> 192.168.10.1 SINGLE:NO_TRAFFIC
self gre 192.168.10.1 -> 192.168.1.199 MULTIPLE:MULTIPLE
Without scrub:
self gre 127.0.0.1 <- 192.168.10.1 <- 192.168.1.199 NO_TRAFFIC:SINGLE
Also, why is the IP address changing in these states? We are only
using .199 here as a test.
Anyone have an idea? This works okay on OpenBSD 3.6. I am told by
the Frickin PPTP author that it works ok on 6.0 but it appears broken
on 6.2.
FreeBSD pfsense.local 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12
15:32:48 EST 2007
sullrich at default.domain.com:/usr/obj.pfSense/usr/src/sys/pfSense.6
i386
Thanks in advance!
More information about the freebsd-pf
mailing list