Date: Sun, 21 Oct 2001 17:21:13 +0400 From: "Sergey Mokryshev" <mokr@mokr.net> To: "Herbert" <herbert@bugat.at>, "FreeBSD Stable" <freebsd-stable@freebsd.org> Subject: Re: ICQ with NAT problems Message-ID: <0e8e01c15a33$86d8c670$0242a8c0@mokr.ru> References: <3BD21435.4060605@quake.com.au> <3BD2538D.80604@quake.com.au> <20011021121329.E78028@moya.lambermont.dyndns.org> <3BD2B8ED.7020404@quake.com.au> <20011021150747.A23735@freebsd2.rocks>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Herbert" <herbert@bugat.at> To: "FreeBSD Stable" <freebsd-stable@freebsd.org> Sent: 21 ??????? 2001 ?. 17:07 Subject: Re: ICQ with NAT problems > Hei! > > I had a similar problem with licq. After adding the following rules to > my ipf config the continous disconnections stopped: > > pass in log quick on xl0 proto udp from xxx.xxx.xxx.xxx port = 4000 to > any > (xxx.xxx.xxx.xxx = 205.188.153.[97..102]) > > Removing the lines, the problem returns. > > IPF was blocking udp packets from mirabilis: > > 21/10/2001 15:00:39.249682 2x xl0 @0:10 b 205.188.153.102,4000 -> > 192.168.xx.xxx,49169 PR udp len 20 13568 IN > > Any comments? > #cat /etc/sysctl.conf net.inet.ipf.fr_udptimeout=480 net.inet.ipf.fr_udpacktimeout=480 Will do the trick. The problem is in the new 'udp ack' code, which was introduced, I believe, in ipf 3.4.20. Unfortunately net.inet.ipf.fr_udpacktimeout variable was added after the merging of ipf into the FreeBSD source tree, so for ones who don't want to grab and compile ipf34-current there is the only workaround you mentioned... Sincerely yours, Sergey Mokryshev. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0e8e01c15a33$86d8c670$0242a8c0>