From: Dennis Olvany
Date: Thu, 04 May 2006 19:18:01 -0500
To: freebsd-questions@freebsd.org
Subject: ipfw: denied frags
Message-ID: <445A99B9.9020100@gmail.com>

I've traced a problem to IPFW dropping frags, but have no idea what to make of the log or how to go about fixing the issue. Please advise.
Possibly, someone could decode this: (frag 13695:67@1480). 10600 is a default deny and a dynamic rule exists to allow this traffic. The only problematic traffic is traffic that is near-MTU. Smaller PDUs have no problem.

May 4 19:05:36 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 13695:67@1480)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20569:8@1472+)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20569:67@1480)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20570:8@1472+)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20570:67@1480)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20571:8@1472+)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20571:67@1480)
May 4 19:05:48 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 21244:8@1472+)
May 4 19:05:48 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 21244:67@1480)
May 4 19:05:50 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 23141:8@1472+)
May 4 19:05:50 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 23141:67@1480)
May 4 19:05:54 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 26828:8@1472+)
May 4 19:05:54 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 26828:67@1480)
May 4 19:06:02 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 33624:8@1472+)
May 4 19:06:02 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 33624:67@1480)
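
An added example, not part of the original message: a small parser that reads the ipfw fragment notation as id:length@offset (IP ID, IP payload bytes in the fragment, byte offset into the datagram, trailing + when the More Fragments flag is set) and groups the denied fragments per datagram. The function names are illustrative, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Sample input: three lines copied from the log in the message above.
SAMPLE = """\
May 4 19:05:36 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 13695:67@1480)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20569:8@1472+)
May 4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 192.168.102.10 in via ste0 (frag 20569:67@1480)
"""

LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\S+) (?P<proto>\S+) (?P<src>\S+) (?P<dst>\S+) .*"
    r"\(frag (?P<id>\d+):(?P<len>\d+)@(?P<off>\d+)(?P<mf>\+?)\)"
)

def parse_frag(line):
    """Return a dict describing the fragment in one ipfw log line, or None."""
    m = LINE.search(line)
    if not m:
        return None
    off, length = int(m["off"]), int(m["len"])
    return {
        "rule": int(m["rule"]), "action": m["action"], "proto": m["proto"],
        "src": m["src"], "dst": m["dst"], "ip_id": int(m["id"]),
        "offset": off, "length": length, "end": off + length,
        "more_fragments": m["mf"] == "+",
        # Only the offset-0 fragment carries the UDP header, so a later
        # fragment has no port numbers for a port-based rule to match.
        "has_l4_header": off == 0,
    }

def summarize(log_text):
    """Group logged fragments by (src, dst, IP ID); report each datagram."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_frag(line)
        if f:
            groups[(f["src"], f["dst"], f["ip_id"])].append(f)
    out = {}
    for (_src, _dst, ip_id), frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        final = [f for f in frags if not f["more_fragments"]]
        out[ip_id] = {
            "denied_ranges": [(f["offset"], f["end"]) for f in frags],
            "first_fragment_denied": any(f["has_l4_header"] for f in frags),
            # The final fragment (no '+') fixes the total IP payload length.
            "ip_payload_len": final[0]["end"] if final else None,
        }
    return out
```

For datagram 20569 this reports denied byte ranges 1472-1480 and 1480-1547 of a 1547-byte IP payload, with the offset-0 fragment absent from the deny log.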