FreeBSD 7.0 and pf
Norman Maurer
norman at apache.org
Wed Mar 19 01:40:12 PDT 2008
Am Mittwoch, den 19.03.2008, 14:04 +0530 schrieb Girish Venkatachalam:
> On 07:56:48 Mar 19, Norman Maurer wrote:
> > Hi all,
> >
> > im using freebsd 7.0 + gif interfaces + racoon + pf to filter stuff on
> > my box. After upgrading to freebsd 7.0 I see some strange behavior. I
> > see packets get dropped because of bad hdr length. The problems only
> > seems to happen on traffic between the local nets and nets routed via
> > ipsec. Here is a tcpdump snipped:
> >
> > block in on em5: 192.168.175.4.1107 > 192.168.116.6.22: tcp 544 [bad
> > hdr length 12 - too short, < 20]
> >
> > gif interface:
> > gif5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1402
> > tunnel inet 213.157.17.67 --> 213.23.198.131
> > inet 192.168.116.1 --> 192.168.175.1 netmask 0xffffff00
> >
> >
> > Any help is welcome.
>
> A TCP header can never be less than 20 bytes.
>
> And 12 is odd since all headers are a multiple of 4 bytes (word
> boundary).
>
> Check your MTU of the PPPoE/PPPoA/Ethernet/WiFi or whatever datalink
> layer. I bet there is a problem there.
>
> Best,
> Girish
>
Maybe the problem is the mtu of the gif interface ( 1402 ) ?
I have a 4 mbit broadband connection ( no dsl ).
bye
Norman
More information about the freebsd-questions
mailing list