From: "Ansar Mohammed"
To: freebsd-questions@freebsd.org
Date: Mon, 28 May 2007 00:39:34 -0400
Subject: pf BINAT broken

I have come to realize that the bidirectional NAT of FreeBSD 6.2 is broken. If I configure the same rule with a rdr, it works fine.

I have a 1:1 NAT from my internal network to one of my public IPs. I am using FreeBSD PPPoE. I have disabled NAT on the PPP driver.

If I attempt to connect back to my internal network using any TCP protocol, the 3-way handshake completes, and I get a few packets of data. Then the connection drops. Both sides try to retransmit. But to no avail.

Funny enough, it works fine if you are directly connected to the internet, or through a Linksys DSL router. However, through some other corporate networks, the connection drops after the first few packets of data.

I have tried

    scrub in max-mss 700
    scrub out max-mss 700

and even

    scrub in max-mss 250
    scrub out max-mss 250

to no avail.

It seems that packets with more than a few bytes of data screw up the NAT tables.

Any ideas anyone? Anything? Anything at all?