Bug in netgraph?


Sebastiaan van Erk

There seems to be a bug/problem with GRE (netgraph) in FreeBSD in
dealing with fragmented packets. When I have the following nat rules:

List of active MAP/Redirect filters:
map ng0 -> portmap tcp/udp 40000:50000 mssclamp 60
map ng0 -> mssclamp 60

everything works, but when I don't include the mssclamp option,
connections to, for example, www.google.com (searching for test) from my
internal network hang and time out constantly.

I'm using FreeBSD 6.0 stable in combination with mpd and ipfilter 4.1.18:

IP Filter: v4.1.8 initialized.  Default = block all, Logging = enabled

sebster@piglet(ttyp8:16:64):~> mpd --version
Version 3.18 ([hidden email] 22:28  5-Nov-2005)

sebster@piglet(ttyp8:12:0):~> uname -a
FreeBSD piglet.sebster.com 6.0-STABLE FreeBSD 6.0-STABLE #12: Wed Nov 16 13:34:20 CET 2005 [hidden email]:/usr/obj/usr/src/sys/PIGLET  i386

Sebastiaan van Erk