Date: Tue, 14 Dec 2004 11:53:10 +0300 From: Gleb Smirnoff <glebius@freebsd.org> To: Peter Pentchev <roam@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: IPFilter, mpd/Netgraph problems on RELENG_4 Message-ID: <20041214085310.GC42820@cell.sick.ru> In-Reply-To: <20041214080549.GC3183@straylight.m.ringlet.net> References: <20041214080549.GC3183@straylight.m.ringlet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter, does the problem disappear if you turn ipfilter off, and run natd on this interface? it is not clear from your mail. On Tue, Dec 14, 2004 at 10:05:50AM +0200, Peter Pentchev wrote: P> I am seeing a lot of ICMP Must Fragment packets with incorrect ICMP P> checksums on a RELENG_4 box which holds up 40-60 PPTP (mpd/Netgraph) VPN P> connections at any given time. The peer understandably ignores the ICMP P> packet with a bad checksum and never fragments the offending TCP packet, P> effectively killing the connection after a while. P> P> A major point is that I'm only seeing them on the interfaces NAT'ed by P> ipnat. Is anybody else having trouble with ICMP checkums with IPFilter P> 3.4.35 on a reasonably recent RELENG_4 box? P> P> FreeBSD unnamed 4.10-STABLE FreeBSD 4.10-STABLE #1: Thu Dec 2 10:31:16 EET 2004 root@unnamed:/usr/obj/usr/src-bsd/4.0S/src/sys/UNNAMED i386 P> P> drwxr-xr-x 2 root wheel 512 Dec 2 11:43 /var/db/pkg/mpd-3.18_2 -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041214085310.GC42820>