Netgate Discussion Forum

    Packet normalization

    Firewalling
    1 Posts 1 Posters 2.7k Views
    quimi

      Hello,

      I'm installing a transparent firewall with pfSense. The firewall will be located between two routers with trunking. I have used the OPT1 and OPT2 interfaces, so I don't want any IP assigned to the transparent interfaces.

      This is my topology:

      Router1(external)----[Opt1---(Vlan0--firewall bridge--Vlan1)---Opt2]----Router2(internal)

      The firewall is working almost perfectly. It only fails with file transfers over SFTP and mail attachments. I think that could be a problem with the MSS (Maximum Segment Size). The solution in Linux is to add this rule:

      iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1456

      I think that in BSD the rule is something like:

      scrub in on fxp0 all fragment reassemble min-ttl 15 max-mss 1400
      scrub in on fxp0 all no-df
      scrub on fxp0 all reassemble tcp

      But I don't know how to add this rule so that it is executed at init and kept when the firewall rules change.

      Does anybody know how to do it?

      Quimi
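To show what the `max-mss` scrub option and the iptables `TCPMSS --set-mss` rule quoted above actually do to a packet, here is an added example (not from the post or from pfSense) that rewrites the MSS option of a constructed TCP SYN and recomputes the TCP checksum; the addresses, ports and option layout are made up for the test.

```python
import socket
import struct

def _ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum over data (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus the segment (checksum field zeroed)."""
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, len(segment))
    return _ones_complement_sum(pseudo + segment[:16] + b"\x00\x00" + segment[18:])

def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    return tcp_checksum(src_ip, dst_ip, segment) == struct.unpack_from("!H", segment, 16)[0]

def _mss_offset(segment: bytes):
    """Offset of the 16-bit MSS value (option kind 2) in the TCP options, or None."""
    end, i = (segment[12] >> 4) * 4, 20
    while i + 1 < end:
        kind = segment[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding
            i += 1
            continue
        length = segment[i + 1]
        if length < 2:                     # malformed option; stop instead of looping forever
            break
        if kind == 2 and length == 4 and i + 4 <= end:
            return i + 2
        i += length
    return None

def mss_of(segment: bytes):
    off = _mss_offset(segment)
    return None if off is None else struct.unpack_from("!H", segment, off)[0]

def clamp_mss(src_ip: str, dst_ip: str, segment: bytes, max_mss: int) -> bytes:
    """Lower the MSS option of a SYN to max_mss (as scrub max-mss does) and fix the checksum."""
    off = _mss_offset(segment)
    if not (segment[13] & 0x02) or off is None or mss_of(segment) <= max_mss:
        return segment                     # not a SYN, no MSS option, or already small enough
    seg = bytearray(segment)
    struct.pack_into("!H", seg, off, max_mss)
    struct.pack_into("!H", seg, 16, tcp_checksum(src_ip, dst_ip, bytes(seg)))
    return bytes(seg)

def build_syn(mss: int, src_ip="10.0.0.1", dst_ip="10.0.1.1") -> bytes:
    """Constructed SYN (port 40000 -> 22) carrying MSS, NOP and window-scale options."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01" + struct.pack("!BBB", 3, 3, 7)
    hdr = struct.pack("!HHIIBBHHH", 40000, 22, 1000, 0, 7 << 4, 0x02, 65535, 0, 0)
    seg = hdr + opts
    return seg[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, seg)) + seg[18:]
```

A SYN advertising 1460 comes out advertising 1400 with a valid checksum, while a SYN already below the limit and a non-SYN segment pass through untouched.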

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.