From: "Scott Ullrich"
To: FreeBSD
Date: Wed, 17 Jan 2007 18:38:10 -0500
Subject: Using scrub + rdr gre does not work as expected

Hi,

We are trying to track down an issue when using the Frickin PPTP proxy. When we use "scrub in all random-id fragment reassemble" the GRE traffic fails to get rdr'd properly.
If we remove the scrub directive the traffic flows as it should.

Here is a look at the state list both ways:

With scrub:

self gre 192.168.10.198 <- 192.168.10.1 MULTIPLE:MULTIPLE
self gre 192.168.1.199 -> 192.168.10.1 SINGLE:NO_TRAFFIC
self gre 192.168.10.1 -> 192.168.1.199 MULTIPLE:MULTIPLE

Without scrub:

self gre 127.0.0.1 <- 192.168.10.1 <- 192.168.1.199 NO_TRAFFIC:SINGLE

Also, why is the IP address changing in these states? We are only using .199 here as a test.

Anyone have an idea? This works okay on OpenBSD 3.6. I am told by the Frickin PPTP author that it works ok on 6.0 but it appears broken on 6.2.

FreeBSD pfsense.local 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 15:32:48 EST 2007 sullrich@default.domain.com:/usr/obj.pfSense/usr/src/sys/pfSense.6 i386

Thanks in advance!