Date:      Tue, 14 Dec 2004 11:23:13 +0200
From:      Peter Pentchev <roam@ringlet.net>
To:        Gleb Smirnoff <glebius@freebsd.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPFilter, mpd/Netgraph problems on RELENG_4
Message-ID:  <20041214092313.GD3183@straylight.m.ringlet.net>
In-Reply-To: <20041214085310.GC42820@cell.sick.ru>
References:  <20041214080549.GC3183@straylight.m.ringlet.net> <20041214085310.GC42820@cell.sick.ru>


On Tue, Dec 14, 2004 at 11:53:10AM +0300, Gleb Smirnoff wrote:
> On Tue, Dec 14, 2004 at 10:05:50AM +0200, Peter Pentchev wrote:
> P> I am seeing a lot of ICMP Must Fragment packets with incorrect ICMP
> P> checksums on a RELENG_4 box which holds up 40-60 PPTP (mpd/Netgraph) VPN
> P> connections at any given time.  The peer understandably ignores the ICMP
> P> packet with a bad checksum and never fragments the offending TCP packet,
> P> effectively killing the connection after a while.
> P>
> P> A major point is that I'm only seeing them on the interfaces NAT'ed by
> P> ipnat.  Is anybody else having trouble with ICMP checksums with IPFilter
> P> 3.4.35 on a reasonably recent RELENG_4 box?
> P>
> P> FreeBSD unnamed 4.10-STABLE FreeBSD 4.10-STABLE #1: Thu Dec 2 10:31:16 EET 2004 root@unnamed:/usr/obj/usr/src-bsd/4.0S/src/sys/UNNAMED  i386
> P>
> P> drwxr-xr-x  2 root  wheel  512 Dec  2 11:43 /var/db/pkg/mpd-3.18_2
>
>   Peter,
>
>   does the problem disappear if you turn ipfilter off, and run natd on this
> interface? it is not clear from your mail.

We haven't actually tried it with natd.  This is one of the possibilities
that we may certainly try, though.

G'luck,
Peter

--
Peter Pentchev	roam@ringlet.net    roam@cnsys.bg    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence is false.
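
The checksum test that makes the peer drop such a packet can be reproduced offline on a captured ICMP message. The following is an added example, not part of the original message or of IPFilter; the packet bytes, addresses and the MTU value of 1400 are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(mtu: int, quoted: bytes) -> bytes:
    """ICMP Destination Unreachable (3) / Fragmentation Needed (4), RFC 1191 layout."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def check_icmp(icmp: bytes) -> dict:
    """Verify the checksum the way a receiver does and report what it should be."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, stored, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    expected = inet_checksum(icmp[:2] + b"\x00\x00" + icmp[4:])
    return {
        "frag_needed": (icmp_type, code) == (3, 4),
        "mtu": mtu,
        "stored": stored,
        "expected": expected,
        "valid": inet_checksum(icmp) == 0,  # sum over the whole message must fold to 0
    }

# Constructed sample: quoted IPv4 header plus the first 8 bytes of the TCP header
# of the packet that was too big (addresses are private/documentation ranges).
QUOTED = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
QUOTED += struct.pack("!HHI", 1025, 80, 1)
GOOD = build_frag_needed(1400, QUOTED)
# Constructed bad packet: four quoted bytes overwritten, ICMP checksum left untouched.
BAD = GOOD[:20] + bytes([198, 51, 100, 7]) + GOOD[24:]

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("bad", BAD)):
        r = check_icmp(pkt)
        print(f"{name}: valid={r['valid']} stored={r['stored']:#06x} "
              f"expected={r['expected']:#06x} mtu={r['mtu']}")
```

Feeding `check_icmp` the ICMP portion of packets captured on each side of the NAT box shows on which interface the stored and expected checksums start to differ.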
