Date: Mon, 3 Aug 2009 16:15:42 -0800
From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
To: freebsd-questions@freebsd.org
Cc: markham roan <mrkhmroan@gmail.com>
Subject: Re: Windows 2008 + AD + PF + bridge = problems?
Message-ID: <200908031615.42843.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
In-Reply-To: <548f3c460907311115y5e89341ds91b43cd62c16dbf4@mail.gmail.com>
References: <548f3c460907311115y5e89341ds91b43cd62c16dbf4@mail.gmail.com>

On Friday 31 July 2009 10:15:56 markham roan wrote:

> A packet capture revealed a number of anomalies. Once the server starts
> trying to join the domain, we get all sorts of TCP transmission errors,
> retries, duplicate ACKs etc. In some cases, the public side of the
> firewall will send an ICMP host-unreachable message for a host which is
> clearly being BINAT.
>
> I've tinkered with net.inet.ip.intr_queue_maxlen, but it doesn't seem to
> help. net.inet.ip.intr_queue_drops isn't increasing at a noticeable rate,
> anyway.
>
> Does anyone have any thoughts and/or advice on where I can go from here?

No experience with the case at hand, but I do see that Vista started to use
IGMP protocol even when there's no obvious need to do so. Given that "allow
all" does in fact only allow a handful of IP protocols, excluding IGMP, you
may want to investigate if you're not silently blocking (or not translating)
one of the more obscure IP protocols.

-- 
Mel
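
Added example, not part of the original message: one way to act on the suggestion above is to capture on both sides of the bridge and compare which IP protocol numbers appear on each. The pcap bytes, addresses and function names below are constructed for illustration; a protocol seen on one side only is a pointer to where to check the ruleset, not proof of a drop.

```python
import struct
from collections import Counter

# Subset of IANA IP protocol numbers, for readable output.
PROTO_NAMES = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp"}

def ip_protocols(pcap_bytes):
    """Count IPv4 protocol numbers in a classic little-endian Ethernet pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap_bytes, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap_bytes, offset)
        frame = pcap_bytes[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        # Need Ethernet header (14) + minimal IPv4 header (20); skip non-IPv4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        counts[frame[14 + 9]] += 1  # byte 9 of the IPv4 header is the protocol
    return counts

def missing_on_far_side(inside, outside):
    """Protocols seen on the inside interface but never on the outside one."""
    return sorted(p for p in inside if outside.get(p, 0) == 0)

def label(proto):
    return PROTO_NAMES.get(proto, f"proto-{proto}")

# --- constructed sample data (hypothetical helpers, documentation addresses) ---
def make_frame(proto):
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return eth + ip

def make_pcap(protos):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in protos:
        f = make_frame(p)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

INSIDE = make_pcap([6, 6, 17, 1, 2, 2])  # constructed: includes IGMP (2)
OUTSIDE = make_pcap([6, 6, 17, 1])       # constructed: IGMP never appears

if __name__ == "__main__":
    gone = missing_on_far_side(ip_protocols(INSIDE), ip_protocols(OUTSIDE))
    print("seen inside only:", [label(p) for p in gone])
```

With real traffic, the two inputs would be captures taken at the same time on the inside and outside bridge members.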