From owner-freebsd-questions@FreeBSD.ORG  Tue Aug  4 00:15:45 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C1F98106566C
	for <freebsd-questions@freebsd.org>;
	Tue,  4 Aug 2009 00:15:45 +0000 (UTC)
	(envelope-from mel.flynn+fbsd.questions@mailing.thruhere.net)
Received: from mailhub.rachie.is-a-geek.net (rachie.is-a-geek.net
	[66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id 901B58FC12
	for <freebsd-questions@freebsd.org>;
	Tue,  4 Aug 2009 00:15:44 +0000 (UTC)
	(envelope-from mel.flynn+fbsd.questions@mailing.thruhere.net)
Received: from smoochies.rachie.is-a-geek.net (mailhub.rachie.is-a-geek.net
	[192.168.2.11])
	by mailhub.rachie.is-a-geek.net (Postfix) with ESMTP id D78A47E818;
	Mon,  3 Aug 2009 16:15:43 -0800 (AKDT)
From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
To: freebsd-questions@freebsd.org
Date: Mon, 3 Aug 2009 16:15:42 -0800
User-Agent: KMail/1.11.4 (FreeBSD/8.0-BETA2; KDE/4.2.4; i386; ; )
References: <548f3c460907311115y5e89341ds91b43cd62c16dbf4@mail.gmail.com>
In-Reply-To: <548f3c460907311115y5e89341ds91b43cd62c16dbf4@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200908031615.42843.mel.flynn+fbsd.questions@mailing.thruhere.net>
Cc: markham roan <mrkhmroan@gmail.com>
Subject: Re: Windows 2008 + AD + PF + bridge = problems?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2009 00:15:46 -0000

On Friday 31 July 2009 10:15:56 markham roan wrote:

> A packet capture revealed a number of anomalies.  Once the server starts
> trying to join the domain, we get all sorts of TCP transmission errors,
> retries, duplicate ACKs etc.  In some cases, the public side of the
> firewall will send an ICMP host-unreachable message for a host which is
> clearly being BINAT.
>
> I've tinkered with net.inet.ip.intr_queue_maxlen, but it doesn't seem to
> help.  net.inet.ip.intr_queue_drops isn't increasing at a noticeable rate,
> anyway.
>
> Does anyone have any thoughts and/or advice on where I can go from here?

No experience with the case at hand, but I do see that Vista started to use 
IGMP protocol even when there's no obvious need to do so. Given that "allow 
all" does in fact only allow a handful of IP protocols, excluding IGMP, you 
may want to investigate if you're not silently blocking (or not translating) 
one of the more obscure IP protocols.
-- 
Mel