Date: Thu, 04 May 2006 19:18:01 -0500 From: Dennis Olvany <dennisolvany@gmail.com> To: freebsd-questions@freebsd.org Subject: ipfw: denied frags Message-ID: <445A99B9.9020100@gmail.com>
next in thread | raw e-mail | index | archive | help
I've traced a problem to IPFW dropping frags, but have no idea what to make of the log or how to go about fixing the issue. Please advise. Possibly, someone could decode this: (frag 13695:67@1480). 10600 is a default deny and a dynamic rule exists to allow this traffic. The only problematic traffic is traffic that is near-mtu. Smaller pdu's have no problem. May 4 19:05:36 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 13695:67@1480) May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20569:8@1472+) May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20569:67@1480) May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20570:8@1472+) May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20570:67@1480) May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20571:8@1472+) May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20571:67@1480) May 4 19:05:48 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 21244:8@1472+) May 4 19:05:48 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 21244:67@1480) May 4 19:05:50 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 23141:8@1472+) May 4 19:05:50 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 23141:67@1480) May 4 19:05:54 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 26828:8@1472+) May 4 19:05:54 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 26828:67@1480) May 4 19:06:02 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 33624:8@1472+) May 4 19:06:02 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 33624:67@1480)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?445A99B9.9020100>