On Tue, Dec 14, 2004 at 11:53:10AM +0300, Gleb Smirnoff wrote:
> On Tue, Dec 14, 2004 at 10:05:50AM +0200, Peter Pentchev wrote:
> P> I am seeing a lot of ICMP Must Fragment packets with incorrect ICMP
> P> checksums on a RELENG_4 box which holds up 40-60 PPTP (mpd/Netgraph) VPN
> P> connections at any given time. The peer understandably ignores the ICMP
> P> packet with a bad checksum and never fragments the offending TCP packet,
> P> effectively killing the connection after a while.
> P>
> P> A major point is that I'm only seeing them on the interfaces NAT'ed by
> P> ipnat. Is anybody else having trouble with ICMP checksums with IPFilter
> P> 3.4.35 on a reasonably recent RELENG_4 box?
> P>
> P> FreeBSD unnamed 4.10-STABLE FreeBSD 4.10-STABLE #1: Thu Dec 2 10:31:16 EET 2004 [EMAIL PROTECTED]:/usr/obj/usr/src-bsd/4.0S/src/sys/UNNAMED i386
> P>
> P> drwxr-xr-x 2 root wheel 512 Dec 2 11:43 /var/db/pkg/mpd-3.18_2
>
> Peter,
>
> does the problem disappear if you turn ipfilter off, and run natd on this
> interface? it is not clear from your mail.

We haven't actually tried it with natd. This is one of the possibilities
that we may certainly try, though.

G'luck,
Peter

--
Peter Pentchev [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence is false.