I am having a bizarre problem with Kerberos (UDP) not passing through firewall rules which allow this. Any 88/UDP connections with a length less than 1500 pass through the rule while connections with a length of 1500 don't match the rule and are denied. If I allow all protocols to the respective host, Kerberos traffic passes through the rule regardless of length. Additionally, we are not having problems with other UDP protocols such as DNS, LDAP, and NTP. Is there a PF setting that needs to be changed to allow this type of traffic?
We are running FreeBSD 8.2 with PF on a system with several NICs, including 10Gb cards. Though the MTU size on the 10Gb NICs is set to 9000, it does not appear to be a hardware or operating system issue.
This is puzzling to say the least.