Subject: Re: NetBSD ipfilter firewall.
To: None <netbsd-help@netbsd.org>
From: Mine Sakiyama <msakiyam@sakiyama.mine.nu>
List: netbsd-help
Date: 05/22/2003 14:26:44
Hi,
I am not able to explain how this all are exactly related, but that sort of fixed the problem. This problem was also fixed when I
allowed all incoming icmp packets on the ipfilter(not a preffered way). Also this posting from Wietse Venema helped me understand
this issue as well (http://msgs.securepoint.com/cgi-bin/get/postfix9904/37/1.html)
thanks again for all inputs..
Mine
----- Original Message -----
From: "Randy Beaudreault" <maccult@pacbell.net>
To: <netbsd-help@netbsd.org>
Sent: Thursday, May 22, 2003 2:06 PM
Subject: Re: NetBSD ipfilter firewall.
> >On Thu, May 22, 2003 at 10:31:51AM -0700, Mine Sakiyama wrote:
> >> [...]
> >>
> >> May 22 08:17:13 alex ipmon[82]: 08:17:13.316211 pppoe0 @0:33 b
> >>mail.netbsd.org[155.53.1.253] ->
> >> internet.internal.com[192.168.0.2] PR tcp len 20 (164) frag
> >>144@1336 IN (entire session log
> >> below).
> >
> >Maybe add 'keep frags' in addition to keep state
> >
> >--
> >Manuel Bouyer <bouyer@antioche.eu.org>
> > NetBSD: 24 ans d'experience feront toujours la difference
> >--
>
> Why should you have to add keep frags? This sounds like an issue
> with PMTUD on mail.netbsd.org, not a problem with his ipf ruleset.
> --
> Randy
>
> OS X - UNIX for the rest of us
> NetBSD - Catch the Power!
>