TCP and natd issues.

Board: DFBSD_bugs. Posted: 2004/12/23 07:01
Problems.

1. Using IPFW2 and natd does not process certain TCP connections correctly.
2. Running "tcpdump -i vr1" causes all traffic to be dropped.

When IPFW2 is configured for NAPT with natd I'm seeing certain TCP traffic blocked. I've used ethereal to capture the traffic from my desktop and the only pattern I can see is that all outgoing TCP traffic with a window size of 65535 never gets a response. (IE, FireFox, Outlook, Thunderbird). TCP connections using lower window sizes proceed normally ("telnet <mymailserver> 25" for example). UDP and ICMP traffic are also unaffected.

                       vr0      vr1
    [desktop]----------[ DragonFly ]----------[ Modem ]--- NET
    192.168.50.100     50.1     20.4          192.168.20.1

Here the ipfw logging shows responses from www.google.com and nat taking place. You can see that the packet from google was mapped back to 192.168.50.100 but it was never actually received by my machine!

    ipfw: 100 Divert 8668 TCP 66.102.11.104:80 192.168.20.4:1215 in via vr1
    ipfw: 200 Accept TCP 66.102.11.104:80 192.168.50.100:1215 in via vr1
    ipfw: 100 Divert 8668 TCP 66.102.11.104:80 192.168.50.100:1215 out via vr0
    ipfw: 200 Accept TCP 66.102.11.104:80 192.168.50.100:1215 out via vr0

Also running tcpdump on the machine causes all network traffic passing through the box to be dropped until the tcpdump process is killed at the console. (as all SSH sessions drop out!)

The setup is identical to a FreeBSD 4.10 box that is working without issues. The machine is running DragonFly stable compiled 22-Dec-04.

Diagnostics

I've disabled SACK.
Bridging the interfaces works as expected.
I'm compiling the kernel to remove custom options and try under pf.

I can provide configs and traces to anyone interested, any help in resolving this would be appreciated.

Regards
G.A
Article code (AID): #11oVos00 (DFBSD_bugs)
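The log reading described in the post above, as an added example that is not part of the original post: it parses the four quoted ipfw log lines, pairs each Divert entry with the Accept that follows it on the same interface and direction, and reports where the destination was rewritten and what the last logged decision on the inside interface was. The function names are hypothetical, and treating vr0 as the inside interface is taken from the post's diagram.

```python
import re

# The four ipfw log lines quoted in the post, copied unchanged.
SAMPLE_LOG = """\
ipfw: 100 Divert 8668 TCP 66.102.11.104:80 192.168.20.4:1215 in via vr1
ipfw: 200 Accept TCP 66.102.11.104:80 192.168.50.100:1215 in via vr1
ipfw: 100 Divert 8668 TCP 66.102.11.104:80 192.168.50.100:1215 out via vr0
ipfw: 200 Accept TCP 66.102.11.104:80 192.168.50.100:1215 out via vr0
"""

# rule number, action (optionally followed by a divert port), protocol,
# source, destination, direction and interface, as laid out in the lines above.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>[A-Za-z]+(?: \d+)?) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<ifc>\S+)"
)

def parse(log):
    """Return one dict per recognised ipfw log line, in log order."""
    return [m.groupdict() for m in map(LINE_RE.search, log.splitlines()) if m]

def nat_rewrites(entries):
    """Pair each Divert with the next Accept for the same source, direction
    and interface, and record whether the destination changed in between."""
    pending = {}   # (src, dir, ifc) -> destination seen at the Divert rule
    result = []
    for e in entries:
        key = (e["src"], e["dir"], e["ifc"])
        if e["action"].startswith("Divert"):
            pending[key] = e["dst"]
        elif e["action"] == "Accept" and key in pending:
            before = pending.pop(key)
            result.append({"ifc": e["ifc"], "dir": e["dir"], "before": before,
                           "after": e["dst"], "rewritten": before != e["dst"]})
    return result

def last_decision(entries, inside_ifc):
    """Last action logged for packets leaving through the inside interface."""
    hits = [e for e in entries if e["dir"] == "out" and e["ifc"] == inside_ifc]
    return hits[-1]["action"] if hits else None

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for r in nat_rewrites(entries):
        print(r)
    print("last decision out via vr0:", last_decision(entries, "vr0"))
```

On these lines the only rewrite is on vr1 inbound, and the last logged decision out via vr0 is Accept, which matches the post's reading that the firewall log shows the reply being translated and passed toward the desktop.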