From owner-freebsd-ipfw Thu Jan 20 3:51:34 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from intranova.net (blacklisted.intranova.net [209.3.31.70]) by hub.freebsd.org (Postfix) with SMTP id D4BF514D73 for ; Thu, 20 Jan 2000 03:51:29 -0800 (PST) (envelope-from oogali@intranova.net) Received: (qmail 91615 invoked from network); 20 Jan 2000 06:53:40 -0000 Received: from missnglnk.wants.to-fuck.com (HELO hydrant.intranova.net) (user58572@209.201.95.10) by blacklisted.intranova.net with SMTP; 20 Jan 2000 06:53:40 -0000 Date: Thu, 20 Jan 2000 06:50:18 -0500 (EST) From: Omachonu Ogali To: Andre Chang Cc: 'Stuart Henderson' , Brian Gallucci , isp@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG Subject: RE: New Firewall In-Reply-To: <6C191944837ED311863A00104BC7598F774E@s.arkaine.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'm not sure what he meant by ICMP fragmentation-needed messages, but yes, ICMP is needed for reliable communication and faster communication (primarily unreachables), so you can allow ICMP to pass through but I wouldn't recommend it after seeing 24Mbps smurfs come through... And in your case Andre, ICMP fragmentation has nothing to do with your sendmail problem, that shows that your connection is breaking/dropping after a while, maybe the remote side is closing the connection prematurely...check it out by telnetting to the remote host on port 25 and imitate a regular SMTP transaction to find the problem... Omachonu Ogali Intranova Networking Group On Wed, 19 Jan 2000, Andre Chang wrote: > Mr. Henderson, > > could you elaborate on the "icmp fragmentation-needed messages" please? > > I'm trying to track down the following error: > > Jan 18 09:02:56 `host_clipped` sendmail[49987]: NOQUEUE: SYSERR: putoutmsg > ([xxx.xxx.xxx.xxx]): error on output channel sending "220 `hostname_clipped` > ESMTP Sendmail 8.9.3/8.9.3; Tue, 18 Jan 2000 09:02:56 GMT": Broken pipe > > Thanks. > > -----Original Message----- > From: Stuart Henderson [mailto:sh@eclipse.net.uk] > Sent: Tuesday, January 18, 2000 11:35 AM > To: Omachonu Ogali > Cc: Brian Gallucci; isp@FreeBSD.ORG; freebsd-ipfw@FreeBSD.ORG > Subject: Re: New Firewall > > > > The following rules can help if you are going to be running SMTP, HTTP, > > POP3, and HTTPS, delete what you don't need. > > You also need to pass icmp fragmentation-needed messages if you > don't want to risk breaking access to/from some sites. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message