From: "STST"
Date: Sat, 11 Jun 2005 08:21:26 +0800
Cc: freebsd-questions@freebsd.org
Subject: Re: Dropped fragment GRE

Hi Chris,

The rule was already there:

> ipfw add allow gre from any to any

I also added "ipfw add allow gre from any to any frag" to pass fragmented GRE packets.

----- Original Message -----
From: "Chris Haulmark"
To: "STST"
Sent: Friday, June 10, 2005 11:28 PM
Subject: Re: Dropped fragment GRE

> On Fri, 2005-06-10 at 15:24 +0800, STST wrote:
>> Hi all,
>>
>> I am currently running ipfw from FreeBSD-5.3-RELEASE on my box. The
>> box passes GRE packets from the external to the internal network. We
>> run Microsoft RDP over PPTP through the firewall. After upgrading to
>> FreeBSD 5.3, we realised that the RDP connections never get initiated.
>> When I did a tcpdump on the internal and external interfaces of the
>> FW, I realised that there were fragmented GRE packets arriving at the
>> FW, but however, these packets do not leave the FW. I also observed
>> the SEQ no. in the GRE packets ingress/egress, and there were missing
>> GRE packets on the egress.
>>
>> My deduction was that ipfw was dropping these fragmented GRE packets,
>> but however, these events were shown on syslog. How do I make ipfw log
>> dropped/silently rejected packets? How do I prevent ipfw from dropping
>> these packets?
>
> GRE would need a rule.
>
> ipfw add allow gre from any to any
>
> To turn off your logging abilities, don't use log or logmount in your rule
> bodies.
>
> Chris Haulmark
>
>>
>> Appreciate all help given,
>>
>> Thank you.
>>
>> J.W.
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe@freebsd.org"
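
The ingress/egress comparison of GRE sequence numbers described in the original question, as an added example that is not part of the thread: it parses two tcpdump text captures and lists the sequence numbers that arrived at the firewall but never left it. The line format, the function names and the sample captures are assumptions constructed for illustration, and the script assumes the PPTP call ID is not rewritten between the two interfaces.

```python
import re

# Assumption: tcpdump prints PPTP (enhanced GRE) packets on one line as
# "... GREv1, call <id>, seq <n>, ..."; adjust the pattern if yours differs.
GRE_SEQ = re.compile(r"GREv1, call (\d+), seq (\d+)")

# Constructed sample captures (documentation addresses), not from the thread.
INGRESS = """\
08:21:01.10 IP 198.51.100.7 > 192.0.2.10: GREv1, call 4096, seq 10, ack 7, length 120: compressed PPP data
08:21:01.12 IP 198.51.100.7 > 192.0.2.10: GREv1, call 4096, seq 11, length 96: compressed PPP data
08:21:01.15 IP 198.51.100.7 > 192.0.2.10: GREv1, call 4096, seq 12, length 1480: compressed PPP data
08:21:01.18 IP 198.51.100.7 > 192.0.2.10: GREv1, call 4096, seq 13, length 1480: compressed PPP data
08:21:01.20 IP 198.51.100.7 > 192.0.2.10: GREv1, call 4096, ack 8, no-payload, length 12
"""
EGRESS = """\
08:21:01.11 IP 198.51.100.7 > 192.0.2.10: GREv1, call 4096, seq 10, ack 7, length 120: compressed PPP data
08:21:01.13 IP 198.51.100.7 > 192.0.2.10: GREv1, call 4096, seq 11, length 96: compressed PPP data
08:21:01.21 IP 198.51.100.7 > 192.0.2.10: GREv1, call 4096, ack 8, no-payload, length 12
"""


def gre_seqs(capture_text):
    """Return {call_id: set of GRE sequence numbers} seen in a capture."""
    seen = {}
    for line in capture_text.splitlines():
        m = GRE_SEQ.search(line)
        if m:  # lines without a seq field (ack-only, non-GRE) are skipped
            seen.setdefault(int(m.group(1)), set()).add(int(m.group(2)))
    return seen


def missing_on_egress(ingress_text, egress_text):
    """Per call ID, the sequence numbers seen on ingress but not on egress."""
    ingress, egress = gre_seqs(ingress_text), gre_seqs(egress_text)
    result = {}
    for call, seqs in ingress.items():
        lost = sorted(seqs - egress.get(call, set()))
        if lost:
            result[call] = lost
    return result


if __name__ == "__main__":
    for call, lost in missing_on_egress(INGRESS, EGRESS).items():
        print(f"call {call}: sequence numbers not forwarded: {lost}")
```

In the constructed sample the two packets that never leave are the two large ones, which is the pattern to look for when fragments are suspected of being dropped.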