Re: IPFilter generating bad TCP checksums
This is a discussion on Re: IPFilter generating bad TCP checksums within the IPFilter forums, part of the System Security and Security Related category; On 2004-Jul-20 15:35:44 +1000, Peter Jeremy <peter.jeremy@alcatel.com.au> wrote: >I'...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-22-2004
|
|||
|
|||
Re: IPFilter generating bad TCP checksums
On 2004-Jul-20 15:35:44 +1000, Peter Jeremy <peter.jeremy@alcatel.com.au> wrote:
>I'm trying to get IPFilter running on a Solaris8/SPARC server to >handle packet filtering and NAT but I'm getting TCP checksum errors >when I load NAT rules. Does anyone have any suggestions? One step forward, two steps back... rmkml mentioned disabling checksums. After some searching, I found a reference to disabling hardware TCP checksums in /etc/system (set ip:dohwcksum=0). After rebooting for it to take effect, there are no longer any TCP checksum errors. Unfortunately, running "ifconfig" on any interface now wedges that interface for a random interval or until the 'pfil' module is unloaded from that interface. Also hardware checksums appear to randomly work or not work - sometimes I can enable them, reboot and there's no problem. At other times I get bad checksums. I can leave it disabled but pfil being incompatible with ifconfig is not real good. -- Peter Jeremy 
|
Linear Mode
