Hi Chris,

The rule was already there:

ipfw add allow gre from any to any

I also added "ipfw add allow gre from any to any frag" to pass fragmented GRE packets.


----- Original Message -----
From: "Chris Haulmark" <[EMAIL PROTECTED]>
To: "STST" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Friday, June 10, 2005 11:28 PM
Subject: Re: Dropped fragment GRE


On Fri, 2005-06-10 at 15:24 +0800, STST wrote:
Hi all,

I am currently running ipfw from FreeBSD-5.3-RELEASE on my box. The
box passes GRE packets from the external to the internal network. We
run Microsoft RDP over PPTP through the firewall. After upgrading to
FreeBSD 5.3, we realised that the RDP connections never get initiated.
When I did a tcpdump on the internal and external interfaces of the
FW, I realised that there were fragmented GRE packets arriving at the
FW, but these packets do not leave the FW. I also observed
the SEQ no. in the GRE packets ingress/egress, and there were missing
GRE packets on the egress.

My deduction was that ipfw was dropping these fragmented GRE packets,
however, these events were shown on syslog. How do I make ipfw log
dropped/silently rejected packets? How do I prevent ipfw from dropping
these packets?

GRE would need a rule.

ipfw add allow gre from any to any

To turn off your logging abilities, don't use log or logamount in your rule bodies.

Chris Haulmark


Appreciate all help given,

Thank you.

J.W.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
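
The capture comparison described in the original question (fragmented GRE arriving on one interface and missing on the other) can be automated. The following is an added example, not part of the thread: it assumes raw IPv4 packets with no link-layer header and a firewall that forwards without rewriting the IP ID; the function names and sample packets are constructed for illustration.

```python
import struct

GRE = 47  # IP protocol number for GRE

def parse_ipv4(pkt):
    """Return (ip_id, proto, more_fragments, offset_bytes), or None if not IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ident, flags_off = struct.unpack("!HH", pkt[4:8])
    return ident, pkt[9], bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8

def gre_fragments(packets):
    """Set of (ip_id, offset_bytes) for every GRE packet that is a fragment."""
    frags = set()
    for pkt in packets:
        hdr = parse_ipv4(pkt)
        if hdr is None:
            continue
        ident, proto, more, offset = hdr
        # A fragment has MF set (first/middle) or a non-zero offset (middle/last).
        if proto == GRE and (more or offset):
            frags.add((ident, offset))
    return frags

def dropped_gre_fragments(ingress, egress):
    """GRE fragments seen arriving at the firewall but never leaving it."""
    return sorted(gre_fragments(ingress) - gre_fragments(egress))

def build(ident, proto, more, offset_bytes, payload=b"\x00" * 8):
    """Construct a minimal IPv4 packet (checksum left at 0) for the demo."""
    flags_off = (0x2000 if more else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

# Constructed sample captures, not data from the thread.
INGRESS = [
    build(1, GRE, False, 0),      # unfragmented GRE
    build(2, GRE, True, 0),       # first fragment of a GRE packet
    build(2, GRE, False, 1480),   # last fragment: carries no GRE header
    build(3, 6, True, 0),         # fragmented TCP, ignored
]
EGRESS = [build(1, GRE, False, 0)]

if __name__ == "__main__":
    for ident, offset in dropped_gre_fragments(INGRESS, EGRESS):
        print(f"GRE fragment id={ident} offset={offset} did not leave the firewall")
```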

