Thanks a lot, folks!
The problem is solved - I put a "checksum" module between the
firewall and the "nat" module (I have netgraph[1] modules), and that
works now as expected.
Apparently, when NAT-rewriting the address of a /locally created/
packet, at the time of rewriting the checksum has not
On Tuesday, February 25, 2025 2:20:45 AM CET Crist Clark wrote:
> Another thing to consider, especially if you are playing wild games routing
> through tunnels and such, is to verify the server has a route back to the
> client. If something in the LAN can reach it, like the first dump, but
> off-ne
Another thing to consider, especially if you are playing wild games routing
through tunnels and such, is to verify the server has a route back to the
client. If something in the LAN can reach it, like the first dump, but
off-net gets no response, like the second, that’s a classic cause.
On Mon, Fe
On 24-Feb-25 17:54, Peter 'PMc' Much wrote:
tcpdump was friendly enough to tell me I should use -vv option,
only I didn't read that at first.
Then it clearly shows that these packets have invalid checksums. :(
And that is apparently reason enough to just drop them without
notice.
Now how they a
On Mon, Feb 24, 2025 at 10:01:49PM +0100, Peter 'PMc' Much wrote:
! Packets do arrive, but are ignored.
! The local firewall is switched to pass-thru.
!
! I don't know what else could selectively swallow packets without
! notice.
Okay, I figured it out.
tcpdump was friendly enough to tell me I
5 matches
Mail list logo
