On Thu, Jul 31, 2003 at 10:17:29PM -0700, Adam Bozanich wrote:
> 
> On Thu, 31 Jul 2003, Manuel Bouyer wrote:
> 
> > On Wed, Jul 30, 2003 at 08:32:07PM -0700, Adam Bozanich wrote:
> > >
> > > Hi all.  Whenever I try to http://www.netbsd.org, ipfilter drops packets
> > > with this:
> > >
> > You can tell by matching the @0:7 with the output of ipfstat -i -n
> 
> Thanks, it's the default drop.  Which makes me wonder... how the heck do I
> let these in w/out a port number???

Add keep frags to your 'pass' rules.

> > What is your network setup ?
> >
> 
> Nothing special, just a couple of boxes directly connected to the switch side
> of a lynksys ADSL router.

I guess the fragmentation happens on the ISP side.

> 
> This whole thing turned up another damm problem though... ipmon on the sparc64
> isn't working.
> 
> The man page says to use facility local0, so I put this in /etc/syslog.conf:
> 
> local0.*	/var/log/ipfilter_log
> 
> Nothing.  I even tried catching it with *.*
> 
> I also tried it from the command line, no errors or anything, but no output
> there either.
> 
> to be sure...
> 
> adam@ultra% ls -l /var/log/ipfilter_log
> -rw-------  1 root  wheel  0 Jul 31 10:51 /var/log/ipfilter_log
> 
> I'm using the GENERIC kernel and I see that IPFILTER_LOG is turned on.
> 
> maybe somebody can tell me where I'm going wrong here?

I think this is known problem. Something like a compiler bug.
You may want to ask on port-sparc64

> 
> Or maybe somebody knows how to convert those 'foo.giv,v' files that are
> avaliable via ftp into files I can use (I'm stuck on 'sitedrivenby.gif' on my
> apache install) (from the 'htdocs' dir)

These are CVS files. You want to use anonymous cvs instead of ftp,
see http://www2.fr.netbsd.org./Documentation/current/#using-anoncvs
you want to checkout htdocs

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
     NetBSD: 24 ans d'experience feront toujours la difference
--