pfSense Forum » pfSense English Support » Firewalling
Topic: Packet normalization
quimi (Newbie, Posts: 4)
« on: May 21, 2008, 05:01:56 am »

Hello,

I'm installing a transparent firewall with PFsense. The firewall will be located between two routers with trunking. I have used OPT1 and OPT2 interfaces so I don't want any IP assigned to transparent interfaces.

This is my topology:

Router1(external)----[Opt1---(Vlan0--firewall bridge--Vlan1)---Opt2)----Router2(internal)

The firewall is working almost perfectly. It only fails with file transfers over SFTP and mail attachments. I think that could be a problem with MSS (Maximum Segment Size). The solution in Linux is to put this rule:

iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1456

I think that in BSD the rule is something like:

scrub in on fxp0 all fragment reassemble min-ttl 15 max-mss 1400
scrub in on fxp0 all no-df
scrub on fxp0 all reassemble tcp

But I don't know how to put this rule in order to execute it at init and to keep it when the firewall rules change.

Does anybody know how to do it?

Quimi
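As an added illustration (not part of the post, and not pfSense or pf code), the script below shows what the `max-mss 1400` in the scrub rule, or `--set-mss` in the iptables rule, actually does to a TCP SYN on the wire: it walks the TCP option list, lowers an MSS option that exceeds the limit, and recomputes the checksum. The SYN segment, ports and the 192.0.2.1 / 198.51.100.1 addresses are constructed sample values.

```python
import struct

# Constructed sample endpoints for the pseudo-header (not from the post).
SRC_IP = bytes([192, 0, 2, 1])
DST_IP = bytes([198, 51, 100, 1])

def tcp_checksum(src_ip, dst_ip, segment):
    """RFC 793 checksum over the IPv4 pseudo-header plus the TCP segment."""
    data = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment)) + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_syn(mss):
    """Constructed SYN 40000 -> 22 with options MSS, NOP, NOP, SACK-permitted."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01" + b"\x04\x02"
    data_off = (20 + len(opts)) // 4
    hdr = struct.pack("!HHIIBBHHH", 40000, 22, 1000, 0, data_off << 4, 0x02, 65535, 0, 0)
    seg = hdr + opts
    return seg[:16] + struct.pack("!H", tcp_checksum(SRC_IP, DST_IP, seg)) + seg[18:]

def clamp_mss(src_ip, dst_ip, segment, max_mss):
    """Clamp the MSS option of a SYN/SYN-ACK to max_mss, as pf max-mss does.
    Returns (segment, mss_seen); mss_seen is None if no MSS option was present."""
    if not segment[13] & 0x02:            # only segments with SYN carry MSS
        return segment, None
    data_off = (segment[12] >> 4) * 4     # end of the option area
    buf, i, seen = bytearray(segment), 20, None
    while i < data_off:
        kind = buf[i]
        if kind == 0:                     # EOL: no more options
            break
        if kind == 1:                     # NOP: single-byte padding
            i += 1
            continue
        length = buf[i + 1]
        if length < 2 or i + length > data_off:   # malformed option list: stop
            break
        if kind == 2 and length == 4:
            seen = struct.unpack_from("!H", buf, i + 2)[0]
            if seen > max_mss:            # rewrite MSS and fix the checksum
                struct.pack_into("!H", buf, i + 2, max_mss)
                struct.pack_into("!H", buf, 16, 0)
                struct.pack_into("!H", buf, 16, tcp_checksum(src_ip, dst_ip, bytes(buf)))
        i += length
    return bytes(buf), seen
```

A segment whose MSS is already at or below the limit, or that carries no SYN flag, is returned unchanged, which is the same behaviour the scrub rule has.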