tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IPV6 router works, but clients fail

>>>>> "rm" == Roy Marples <> writes:

    rm> I've attached my current pf.conf As Brian pointed out in this
    rm> thread, PF does not handle IPv6 fragments

That's bad but it's not the problem.  There will never be any IPv6 TCP
fragments, even with all this nonsense going on.  There can be UDP
fragments, though.

    rm> if I drop the MTU on my clients to 1492 then I don't need the
    rm> scrub mss line. Anyone have an opinion on which would be
    rm> better?

the scrubbing is better.

If all hosts on an ethernet do not have the same MTU set, this will
cause a second level of brokenness---now you have two broken things
instead of one.  That scenario's likely because you'll forget, or
you'll have test systems or guests or VM's or whatever.

Attachment: pgpNTcCgPkMgn.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index