Date: Thu, 18 Jan 2007 14:55:12 -0500
From: "Scott Ullrich" <sullrich@gmail.com>
To: FreeBSD <freebsd-pf@freebsd.org>
Subject: Re: Using scrub + rdr gre does not work as expected
Message-ID: <d5992baf0701181155s270dc72dub449f2f1689b4898@mail.gmail.com>
In-Reply-To: <d5992baf0701171538g2f53e546q915f47fe292894e8@mail.gmail.com>
References: <d5992baf0701171538g2f53e546q915f47fe292894e8@mail.gmail.com>

On 1/17/07, Scott Ullrich <sullrich@gmail.com> wrote:
> Hi,
>
> We are trying to track down an issue when using the Frickin PPTP
> proxy. When we use "scrub in all random-id fragment reassemble" the
> GRE traffic fails to get rdr'd properly. If we remove the scrub
> directive the traffic flows as it should. Here is a look at the state
> list both ways:
>
> With scrub:
>
> self gre 192.168.10.198 <- 192.168.10.1 MULTIPLE:MULTIPLE
> self gre 192.168.1.199 -> 192.168.10.1 SINGLE:NO_TRAFFIC
> self gre 192.168.10.1 -> 192.168.1.199 MULTIPLE:MULTIPLE
>
> Without scrub:
>
> self gre 127.0.0.1 <- 192.168.10.1 <- 192.168.1.199 NO_TRAFFIC:SINGLE
>
> Also, why is the IP address changing in these states? We are only
> using .199 here as a test.
>
> Anyone have an idea? This works okay on OpenBSD 3.6. I am told by
> the Frickin PPTP author that it works ok on 6.0 but it appears broken
> on 6.2.
>
> FreeBSD pfsense.local 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12
> 15:32:48 EST 2007
> sullrich@default.domain.com:/usr/obj.pfSense/usr/src/sys/pfSense.6
> i386
>
> Thanks in advance!
>

Here is an update to this. We tried to skip scrubbing on lo0 with
"set skip on lo0" but the problem persists. For some reason PF is
using the wrong IP address in the states list:

# pfctl -ss | grep gre
self gre 192.168.10.198 <- 192.168.10.1 NO_TRAFFIC:SINGLE
self gre 192.168.1.199 -> 192.168.10.1 SINGLE:NO_TRAFFIC
self gre 192.168.10.1 -> 192.168.1.199 MULTIPLE:MULTIPLE

NOTE: 198 is not even an active host on this network. The host does
not exist at all.

This seems like a bug.