Date: Wed, 22 Jul 2015 15:42:36 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 201590] Zerowindow packets escape stateful in-kernel NAT Message-ID: <bug-201590-2472-BSd2QR0K4k@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-201590-2472@https.bugs.freebsd.org/bugzilla/> References: <bug-201590-2472@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #2 from Ben Woods <woodsb02@gmail.com> --- I can confirm I am also seeing some local network addresses escape out to the Internet when using IPFW with in-kernel NAT. Indeed it appears to be the ZeroWindow packets. # tcpdump -n -e -ttt -i tun0 src net 192.168.0.0/16 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tun0, link-type NULL (BSD loopback), capture size 262144 bytes 00:00:00.000000 AF IPv4 (2), length 44: 192.168.1.103.53186 > 216.58.220.142.443: Flags [.], ack 922876993, win 0, length 0 I am using FreeBSD 11-current r285792 which is current from today. My IPFW rules also have the inbound NAT rule before the outbound NAT rule as per the examples in the handbook. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201590-2472-BSd2QR0K4k>