PF, bridge, states and window scaling problem
freebsd-lists-erik at erikosterholm.org
Tue Nov 13 08:45:22 PST 2007
On Tue, Nov 13, 2007 at 07:25:23PM +0530, Girish Venkatachalam wrote:
> On 18:57:34 Nov 13, Girish Venkatachalam wrote:
> > I just read the post you linked. Thanks. :)
> I read the post once again and it looks as though I understood what is
> mentioned there.
> The 'no-df' in scrub rule clears the Don't fragment bit in the IP
> header. When a host wrongly sends fragmented packets with the DF bit
> set, this scrub rule "correctly" resets the DF bit.
> Now since the host made the mistake of sending a fragmented packet with
> DF bit set ( this is like saying " Please don't fragment my packet, but
> I myself have fragmented". Odd...) no-df scrub rule causes trouble.
> Scrub never causes trouble with properly formed packets.
Ah, that makes sense! In fact, if I'd done a little more reading, I'd
see that OpenBSD suggests the same:
They mention that there are some problems (NFS specifically, and "some
online games"). I believe that we've also seen some weird behavior
with Active Directory, but I'd have to check to make sure.
Thanks for the information!
More information about the freebsd-questions