Bug in netgraph?

Sebastiaan van Erk
Hi,

There seems to be a bug/problem with GRE (netgraph) in FreeBSD in
dealing with fragmented packets. When I have the following nat rules:

List of active MAP/Redirect filters:
map ng0 10.0.0.0/8 -> 80.126.244.3/32 portmap tcp/udp 40000:50000 mssclamp 60
map ng0 10.0.0.0/8 -> 80.126.244.3/32 mssclamp 60

everything works, but when I don't include the mssclamp option, then
connections to, for example, www.google.com (searching for test) from my
internal network hang and time out constantly.

I'm using FreeBSD 6.0 stable in combination with mpd and ipfilter 4.1.18:

IP Filter: v4.1.8 initialized.  Default = block all, Logging = enabled

sebster@piglet(ttyp8:16:64):~> mpd --version
Version 3.18 ([hidden email] 22:28  5-Nov-2005)

sebster@piglet(ttyp8:12:0):~> uname -a
FreeBSD piglet.sebster.com 6.0-STABLE FreeBSD 6.0-STABLE #12: Wed Nov 16 13:34:20 CET 2005 [hidden email]:/usr/obj/usr/src/sys/PIGLET  i386

Greetings,
Sebastiaan van Erk
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable