Peter, does the problem disappear if you turn ipfilter off, and run natd on this interface? it is not clear from your mail.
On Tue, Dec 14, 2004 at 10:05:50AM +0200, Peter Pentchev wrote: P> I am seeing a lot of ICMP Must Fragment packets with incorrect ICMP P> checksums on a RELENG_4 box which holds up 40-60 PPTP (mpd/Netgraph) VPN P> connections at any given time. The peer understandably ignores the ICMP P> packet with a bad checksum and never fragments the offending TCP packet, P> effectively killing the connection after a while. P> P> A major point is that I'm only seeing them on the interfaces NAT'ed by P> ipnat. Is anybody else having trouble with ICMP checkums with IPFilter P> 3.4.35 on a reasonably recent RELENG_4 box? P> P> FreeBSD unnamed 4.10-STABLE FreeBSD 4.10-STABLE #1: Thu Dec 2 10:31:16 EET 2004 [EMAIL PROTECTED]:/usr/obj/usr/src-bsd/4.0S/src/sys/UNNAMED i386 P> P> drwxr-xr-x 2 root wheel 512 Dec 2 11:43 /var/db/pkg/mpd-3.18_2 -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
