In-kernel NAT [ipfw] dropping large UDP return packets

Michael Sierchio kudzu at tenebras.com
Wed Jun 13 17:22:58 UTC 2018


On Wed, Jun 13, 2018 at 10:16 AM, Jeff Kletsky <freebsd at wagsky.com> wrote:

> When a T-Mobile "femto-cell" is trying to establish its IPv4, IPSEC tunnel
> to the T-Mobile provisioning servers, the reassembled, 4640-byte return
> packet is silently dropped by the in-kernel NAT, even though it "matches"
> the outbound packet from less than 100 ms prior.



Do you have a 'reass' rule before applying nat on inbound traffic?

- M
-- 
"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata

