ipfw: denied frags

2006-05-04 Thread Dennis Olvany 
I've traced a problem to IPFW dropping frags, but have no idea what to 
make of the log or how to go about fixing the issue. Please advise.



Possibly, someone could decode this: (frag 13695:[EMAIL PROTECTED]).

10600 is a default deny and a dynamic rule exists to allow this traffic. 
The only problematic traffic is traffic that is near-mtu. Smaller pdu's 
have no problem.




May  4 19:05:36 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 13695:[EMAIL PROTECTED])
May  4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 20569:[EMAIL PROTECTED])
May  4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 20569:[EMAIL PROTECTED])
May  4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 20570:[EMAIL PROTECTED])
May  4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 20570:[EMAIL PROTECTED])
May  4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 20571:[EMAIL PROTECTED])
May  4 19:05:47 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 20571:[EMAIL PROTECTED])
May  4 19:05:48 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 21244:[EMAIL PROTECTED])
May  4 19:05:48 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 21244:[EMAIL PROTECTED])
May  4 19:05:50 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 23141:[EMAIL PROTECTED])
May  4 19:05:50 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 23141:[EMAIL PROTECTED])
May  4 19:05:54 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 26828:[EMAIL PROTECTED])
May  4 19:05:54 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 26828:[EMAIL PROTECTED])
May  4 19:06:02 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 33624:[EMAIL PROTECTED])
May  4 19:06:02 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 33624:[EMAIL PROTECTED])

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfw: denied frags

2006-05-04 Thread Dennis Olvany 

Dennis Olvany wrote:
May  4 19:06:02 b1 kernel: ipfw: 10600 Deny UDP 195.16.84.250 
192.168.102.10 in via ste0 (frag 33624:[EMAIL PROTECTED])


I see. The frags don't contain ports and therefore do not match the 
dynamic rule. A static rule took care of it.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]