Bug in netgraph?
Sebastiaan van Erk
sebster at sebster.com
Wed Nov 16 11:03:23 PST 2005
Hi,
There seems to be a bug/problem with GRE (netgraph) in FreeBSD in
dealing with fragmented packets. When I have the following nat rules:
List of active MAP/Redirect filters:
map ng0 10.0.0.0/8 -> 80.126.244.3/32 portmap tcp/udp 40000:50000 mssclamp 60
map ng0 10.0.0.0/8 -> 80.126.244.3/32 mssclamp 60
everything works, but when I don't include the mssclamp option,
connections to, for example, www.google.com (searching for test) from my
internal network hang and time out constantly.
I'm using FreeBSD 6.0 stable in combination with mpd and ipfilter 4.1.18:
IP Filter: v4.1.8 initialized. Default = block all, Logging = enabled
sebster at piglet(ttyp8:16:64):~> mpd --version
Version 3.18 (root at piglet.sebster.com 22:28 5-Nov-2005)
sebster at piglet(ttyp8:12:0):~> uname -a
FreeBSD piglet.sebster.com 6.0-STABLE FreeBSD 6.0-STABLE #12: Wed Nov 16 13:34:20 CET 2005 root at piglet.sebster.com:/usr/obj/usr/src/sys/PIGLET i386
Greetings,
Sebastiaan van Erk