Thanks for the reply If tried that as well and it didn't help
On Thu, May 8, 2008 00:24, Ansar Mohammed wrote: > Yes I had similar issues > > > Try > scrub on ng0 all reassemble tcp scrub on ng1 all reassemble tcp > > > >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:owner-freebsd- >> [EMAIL PROTECTED] On Behalf Of Reinhold Sent: May 7, 2008 7:01 PM >> To: [email protected] >> Subject: plagued by bad hdr length >> >> >> Hi >> >> >> I'm getting loads of bad hdr length from pf on our router running >> freebsd 7.0 >> >> I've tried just about everything I could find with google. >> >> >> Lowering the mtu on my ng devices from 1492 all the way to 1485, >> anything lower then that and we can't ssh out of our network and I get >> loads of time outs every where. >> >> I've tried also pretty much every possible solution with the scrub >> rules in pf, I even disabled it a few times. >> >> I honestly don't know what to try next. >> >> >> tcpdump -n -e -tttt -i pflog0 2008-05-07 23:42:06.596965 rule >> 78/0(match): pass in on ng0: >> 89.240.55.163.3164 > 192.168.1.5.80: tcp 20 [bad hdr length 8 - too >> short, < 20] 2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: >> 89.240.55.163.3165 > 192.168.1.5.80: tcp 20 [bad hdr length 8 - too >> short, < 20] 2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: >> 80.81.242.13.51145 > 192.168.1.5.22: tcp 36 [bad hdr length 8 - too >> short, < 20] 2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: >> 80.81.242.14.63900 > 192.168.1.5.22: tcp 36 [bad hdr length 8 - too >> short, < 20] >> >> And here are the same log again >> tcpdump -n -e -tttt -r /var/log/pflog 2008-05-07 23:42:06.596965 rule >> 78/0(match): pass in on ng0: >> 89.240.55.163.3164 > 192.168.1.5.80: S 3008361134:3008361134(0) win >> 16384 >> <mss 1360,nop,nop,sackOK> >> 2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: >> 89.240.55.163.3165 > 192.168.1.5.80: S 1482992447:1482992447(0) win >> 16384 >> <mss 1360,nop,nop,sackOK> >> 2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: >> 80.81.242.13.51145 > 192.168.1.5.22: S 555277666:555277666(0) win 65535 >> <mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]> >> 2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: >> 80.81.242.14.63900 > 192.168.1.5.22: S 966982942:966982942(0) win 65535 >> <mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]> >> >> >> Here is my ifconfig >> ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric >> 0 >> mtu 1492 inet wan1-ip --> wan1-gw netmask 0xffffffff ng1: >> flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 >> mtu 1492 inet wan2-ip --> wan2-gw netmask 0xffffffff >> >> Anyone out there that can lend me a hand with fixing this? >> >> >> Thanks >> Reinhold >> >> >> _______________________________________________ >> [email protected] mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "freebsd-questions- >> [EMAIL PROTECTED]" > > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
