ipfw: denied frags
Dennis Olvany
dennisolvany at gmail.com
Fri May 5 00:18:10 UTC 2006
I've traced a problem to IPFW dropping frags, but have no idea what to
make of the log or how to go about fixing the issue. Please advise.
Possibly, someone could decode this: (frag 13695:67 at 1480).
10600 is a default deny and a dynamic rule exists to allow this traffic.
The only problematic traffic is traffic that is near-mtu. Smaller pdu's
have no problem.
May 4 19:05:36 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 13695:67 at 1480)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 20569:8 at 1472+)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 20569:67 at 1480)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 20570:8 at 1472+)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 20570:67 at 1480)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 20571:8 at 1472+)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 20571:67 at 1480)
May 4 19:05:48 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 21244:8 at 1472+)
May 4 19:05:48 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 21244:67 at 1480)
May 4 19:05:50 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 23141:8 at 1472+)
May 4 19:05:50 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 23141:67 at 1480)
May 4 19:05:54 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 26828:8 at 1472+)
May 4 19:05:54 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 26828:67 at 1480)
May 4 19:06:02 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 33624:8 at 1472+)
May 4 19:06:02 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250
192.168.102.10 in via ste0 (frag 33624:67 at 1480)
More information about the freebsd-questions
mailing list