Hi, There seems to be a bug/problem with GRE (netgraph) in FreeBSD in dealing with fragmented packets. When I have the following nat rules: List of active MAP/Redirect filters: map ng0 10.0.0.0/8 -> 80.126.244.3/32 portmap tcp/udp 40000:50000 mssclamp 60 map ng0 10.0.0.0/8 -> 80.126.244.3/32 mssclamp 60 everything works, but when I don't include the mssclamp option then connects to for example www.google.com (searching for test) from my internal network hang and timeout constantly. I'm using FreeBSD 6.0 stable in combination with mpd and ipfilter 4.1.18: IP Filter: v4.1.8 initialized. Default = block all, Logging = enabled sebster@piglet(ttyp8:16:64):~> mpd --version Version 3.18 (root@piglet.sebster.com 22:28 5-Nov-2005) sebster@piglet(ttyp8:12:0):~> uname -a FreeBSD piglet.sebster.com 6.0-STABLE FreeBSD 6.0-STABLE #12: Wed Nov 16 13:34:20 CET 2005 root@piglet.sebster.com:/usr/obj/usr/src/sys/PIGLET i386 Greetings, Sebastiaan van Erk