From: Chris Haulmark
Reply-To: chris@sigd.net
To: STST
Cc: freebsd-questions@freebsd.org
Subject: Re: Dropped fragment GRE
Date: Fri, 10 Jun 2005 10:28:54 -0500
Message-Id: <1118417334.36978.8.camel@localhost>
In-Reply-To: <010501c56d8d$7168b130$36764b0a@hq.ida.gov.sg>
References: <010501c56d8d$7168b130$36764b0a@hq.ida.gov.sg>

On Fri, 2005-06-10 at 15:24 +0800, STST wrote:
> Hi all,
>
> I am currently running ipfw from FreeBSD-5.3-RELEASE on my box. The
> box passes GRE packets from the external to the internal network. We
> run Microsoft RDP over PPTP through the firewall. After upgrading to
> FreeBSD 5.3, we realised that the RDP connections never get initiated.
> When I did a tcpdump on the internal and external interfaces of the
> FW, I realised that there were fragmented GRE packets arriving at the
> FW, but however, these packets do not leave the FW. I also observed
> the SEQ no. in the GRE packets ingress/egress, and there were missing
> GRE packets on the egress.
>
> My deduction was that ipfw was dropping these fragmented GRE packets,
> but however, these events were shown on syslog. How do I make ipfw log
> dropped/silently rejected packets? How do I prevent ipfw from dropping
> these packets?

GRE would need a rule.

    ipfw add allow gre from any to any

To turn off your logging abilities, don't use log or logamount in your rule
bodies.

Chris Haulmark

>
> Appreciate all help given,
>
> Thank you.
>
> J.W.
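
The ingress/egress sequence-number comparison described in the question, as an added example that is not part of the original thread: it reads tcpdump text output from both firewall interfaces and lists the GRE sequence numbers that arrived but never left. It assumes tcpdump prints PPTP's GRE as "GREv1, call N, seq N" and that no NAT rewrites addresses or call IDs between the two interfaces; the sample captures and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed tcpdump text format for PPTP's enhanced GRE (GREv1); adjust the
# pattern if your tcpdump version prints these fields differently.
GRE_LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>[^:\s]+): GREv1, call (?P<call>\d+), seq (?P<seq>\d+)"
)

def gre_sequences(capture_text):
    """Map (src, dst, call-id) -> set of GRE sequence numbers seen."""
    flows = defaultdict(set)
    for line in capture_text.splitlines():
        m = GRE_LINE.search(line)
        if m:  # ack-only GRE packets and non-first IP fragments have no seq
            flows[(m["src"], m["dst"], int(m["call"]))].add(int(m["seq"]))
    return flows

def missing_on_egress(ingress_text, egress_text):
    """Per flow, the sequence numbers that arrived but never left."""
    ingress, egress = gre_sequences(ingress_text), gre_sequences(egress_text)
    report = {}
    for flow, seqs in ingress.items():
        lost = sorted(seqs - egress.get(flow, set()))
        if lost:
            report[flow] = lost
    return report

# Constructed sample captures (documentation addresses), not from the thread.
# Packet seq 42 is large enough to be fragmented; its trailing fragment shows
# up as a bare "gre" line, and nothing for seq 42 appears on the egress side.
INGRESS = """\
10:00:00.000100 IP 192.0.2.10 > 198.51.100.5: GREv1, call 256, seq 41, length 120: compressed PPP data
10:00:00.000200 IP 192.0.2.10 > 198.51.100.5: GREv1, call 256, seq 42, length 1468: compressed PPP data
10:00:00.000201 IP 192.0.2.10 > 198.51.100.5: gre
10:00:00.000400 IP 192.0.2.10 > 198.51.100.5: GREv1, call 256, seq 43, ack 17, length 96: compressed PPP data
10:00:00.000600 IP 192.0.2.10 > 198.51.100.5: GREv1, call 256, ack 18, no-payload, length 12
"""
EGRESS = """\
10:00:00.000150 IP 192.0.2.10 > 198.51.100.5: GREv1, call 256, seq 41, length 120: compressed PPP data
10:00:00.000450 IP 192.0.2.10 > 198.51.100.5: GREv1, call 256, seq 43, ack 17, length 96: compressed PPP data
"""

if __name__ == "__main__":
    for (src, dst, call), lost in missing_on_egress(INGRESS, EGRESS).items():
        print(f"{src} -> {dst} call {call}: missing on egress seq {lost}")
```
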