Windows 2008 + AD + PF + bridge = problems?

Mel Flynn mel.flynn+fbsd.questions at mailing.thruhere.net
Tue Aug 4 00:15:46 UTC 2009


On Friday 31 July 2009 10:15:56 markham roan wrote:

> A packet capture revealed a number of anomalies.  Once the server starts
> trying to join the domain, we get all sorts of TCP transmission errors,
> retries, duplicate ACKs etc.  In some cases, the public side of the
> firewall will send an ICMP host-unreachable message for a host which is
> clearly being BINAT.
>
> I've tinkered with net.inet.ip.intr_queue_maxlen, but it doesn't seem to
> help.  net.inet.ip.intr_queue_drops isn't increasing at a noticeable rate,
> anyway.
>
> Does anyone have any thoughts and/or advice on where I can go from here?

No experience with the case at hand, but I do see that Vista started to use 
IGMP protocol even when there's no obvious need to do so. Given that "allow 
all" does in fact only allow a handful of IP protocols, excluding IGMP, you 
may want to investigate if you're not silently blocking (or not translating) 
one of the more obscure IP protocols.
-- 
Mel
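
One way to check the suggestion above, as an added example that is not part of the original thread: capture on both members of the bridge, then list the IP protocols that appear on one side but never on the other. It assumes classic (microsecond) pcap files with Ethernet framing; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

NAMES = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp"}  # IANA numbers

def ip_protocols(pcap):
    """Count IPv4 protocol numbers in a classic (microsecond) Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        # Per-record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        l3 = 14
        if frame[12:14] == b"\x81\x00":      # skip one 802.1Q tag
            l3 = 18
        if frame[l3 - 2:l3] != b"\x08\x00" or len(frame) < l3 + 20:
            continue                          # not IPv4, or truncated
        counts[frame[l3 + 9]] += 1            # byte 9 of the IPv4 header
    return counts

def missing_on_far_side(near, far):
    """Protocols present in the near-side capture but absent from the far side."""
    return [NAMES.get(p, str(p)) for p in sorted(near) if p not in far]

def build_sample_pcap(protos):
    """Constructed sample data: one bare Ethernet/IPv4 frame per protocol number."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in protos:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, p, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    inside = ip_protocols(build_sample_pcap([6, 6, 17, 1, 2]))
    outside = ip_protocols(build_sample_pcap([6, 6, 17, 1]))
    print("seen inside only:", missing_on_far_side(inside, outside))
```

A protocol that shows up in the inside capture but not the outside one is a candidate for a rule or translation that does not cover it.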

