Datagram re-assembly fails
-
Good morning
I have an application that sends out frames of data that seem to be dropped by the firewall. I know from the developers these UDP packets larger than 1500 bytes are not being re-assembled in my SG-3100 at all.
I am running 2.4.2 PM1 and I am up to date.
Under Advanced, I have tested with
- IP Do-Not-Fragment both on and off.
Disabled PF scrubbing
After testing the above, I have killed the states in the machine, but it still fails.
As a reference, if I use a consumer grade router, the datagrams are re-assembled correctly.
I hope that makes sense.
Thanks in advance, Mike
- IP Do-Not-Fragment both on and off.
-
Internet or intranet traffic? Could the data be arriving as jumbo frames from an internal source?
-
Internet traffic.
We have done a lot of testing on this and it seems to be pfSense type routers that fail. If you swap it out for a DD-WRT or Tomato like router, it is fine.
Mike
-
Have you tested with "Disable Firewall Scrub" unchecked as it is the default?
As of now we also have a problem that if we check this to disable scrub fragmented UDP packets will not pass pfSense, at least not on the WAN interface. With the default scrub enabled all is well. -
Disable Firewall Scrub
Where is that found?
-
System / Advanced / Firewall & NAT
Disable Firewall Scrub
Disables the PF scrubbing option which can sometimes interfere with NFS traffic. -
Hello,
Since this is UDP, it means retransmit is higher level responsibility and NOT ORGANIC TO LEVEL 3 OR 4 OSI.
sincerely,
magrw2066
