From: "STST"
Delivered-To: freebsd-questions@freebsd.org
Date: Fri, 10 Jun 2005 15:24:09 +0800
Message-ID: <010501c56d8d$7168b130$36764b0a@hq.ida.gov.sg>
Subject: Dropped fragment GRE

Hi all,

I am currently running ipfw from FreeBSD-5.3-RELEASE on my box. The box passes GRE packets from the external to the internal network. We run Microsoft RDP over PPTP through the firewall. After upgrading to FreeBSD 5.3, we realised that the RDP connections never get initiated.

When I did a tcpdump on the internal and external interfaces of the FW, I realised that there were fragmented GRE packets arriving at the FW, but these packets do not leave the FW. I also observed the SEQ no. in the GRE packets ingress/egress, and there were missing GRE packets on the egress.

My deduction was that ipfw was dropping these fragmented GRE packets, but these events were shown on syslog. How do I make ipfw log dropped/silently rejected packets? How do I prevent ipfw from dropping these packets?

Appreciate all help given,
Thank you.
J.W.