IPFilter, mpd/Netgraph problems on RELENG_4
Gleb Smirnoff
glebius at freebsd.org
Tue Dec 14 00:53:13 PST 2004
Peter,
does the problem disappear if you turn ipfilter off, and run natd on this
interface? it is not clear from your mail.
On Tue, Dec 14, 2004 at 10:05:50AM +0200, Peter Pentchev wrote:
P> I am seeing a lot of ICMP Must Fragment packets with incorrect ICMP
P> checksums on a RELENG_4 box which holds up 40-60 PPTP (mpd/Netgraph) VPN
P> connections at any given time. The peer understandably ignores the ICMP
P> packet with a bad checksum and never fragments the offending TCP packet,
P> effectively killing the connection after a while.
P>
P> A major point is that I'm only seeing them on the interfaces NAT'ed by
P> ipnat. Is anybody else having trouble with ICMP checkums with IPFilter
P> 3.4.35 on a reasonably recent RELENG_4 box?
P>
P> FreeBSD unnamed 4.10-STABLE FreeBSD 4.10-STABLE #1: Thu Dec 2 10:31:16 EET 2004 root at unnamed:/usr/obj/usr/src-bsd/4.0S/src/sys/UNNAMED i386
P>
P> drwxr-xr-x 2 root wheel 512 Dec 2 11:43 /var/db/pkg/mpd-3.18_2
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
More information about the freebsd-net
mailing list