From owner-freebsd-stable Sun Oct 21 6:24: 2 2001 Delivered-To: freebsd-stable@freebsd.org Received: from lemori.mokr.ru (lemori.mokr.ru [212.16.28.194]) by hub.freebsd.org (Postfix) with ESMTP id C149B37B403 for ; Sun, 21 Oct 2001 06:23:57 -0700 (PDT) Received: (from root@localhost) by lemori.mokr.ru (8.11.3/8.11.3/009161) id f9LDNjY11716; Sun, 21 Oct 2001 17:23:45 +0400 (MSD) Received: from swan (localhost [127.0.0.1]) by lemori.mokr.ru (8.11.3/8.11.3/009161av) with SMTP id f9LDMoT11709; Sun, 21 Oct 2001 17:22:57 +0400 (MSD) Message-ID: <0e8e01c15a33$86d8c670$0242a8c0@mokr.ru> From: "Sergey Mokryshev" To: "Herbert" , "FreeBSD Stable" References: <3BD21435.4060605@quake.com.au> <3BD2538D.80604@quake.com.au> <20011021121329.E78028@moya.lambermont.dyndns.org> <3BD2B8ED.7020404@quake.com.au> <20011021150747.A23735@freebsd2.rocks> Subject: Re: ICQ with NAT problems Date: Sun, 21 Oct 2001 17:21:13 +0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by AMaViS perl-10 (lemori.mokr.ru) Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ----- Original Message ----- From: "Herbert" To: "FreeBSD Stable" Sent: 21 ??????? 2001 ?. 17:07 Subject: Re: ICQ with NAT problems > Hei! > > I had a similar problem with licq. After adding the following rules to > my ipf config the continous disconnections stopped: > > pass in log quick on xl0 proto udp from xxx.xxx.xxx.xxx port = 4000 to > any > (xxx.xxx.xxx.xxx = 205.188.153.[97..102]) > > Removing the lines, the problem returns. > > IPF was blocking udp packets from mirabilis: > > 21/10/2001 15:00:39.249682 2x xl0 @0:10 b 205.188.153.102,4000 -> > 192.168.xx.xxx,49169 PR udp len 20 13568 IN > > Any comments? > #cat /etc/sysctl.conf net.inet.ipf.fr_udptimeout=480 net.inet.ipf.fr_udpacktimeout=480 Will do the trick. The problem is in the new 'udp ack' code, which was introduced, I believe, in ipf 3.4.20. Unfortunately net.inet.ipf.fr_udpacktimeout variable was added after the merging of ipf into the FreeBSD source tree, so for ones who don't want to grab and compile ipf34-current there is the only workaround you mentioned... Sincerely yours, Sergey Mokryshev. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message