From owner-freebsd-isp  Sat Nov 21 06:45:46 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA16020
          for freebsd-isp-outgoing; Sat, 21 Nov 1998 06:45:46 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from liquid.tpb.net (drum-n-bass.party-animals.com [194.134.94.34])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA16015
          for <freebsd-isp@FreeBSD.ORG>; Sat, 21 Nov 1998 06:45:44 -0800 (PST)
          (envelope-from niels@bakker.net)
Received: from localhost (niels@localhost)
	by liquid.tpb.net (8.9.1a/8.8.8/Debian/GNU) with SMTP id PAA18488
	for <freebsd-isp@FreeBSD.ORG>; Sat, 21 Nov 1998 15:45:01 +0100
Date: Sat, 21 Nov 1998 15:45:01 +0100 (CET)
From: N <niels@bakker.net>
To: FreeBSD isp <freebsd-isp@FreeBSD.ORG>
Subject: Re: ICMP firewall entry?
In-Reply-To: <199811202057.NAA15805@mt.sri.com>
Message-ID: <981121154330.18418B-100000@liquid.tpb.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 20 Nov 1998, Nate Williams wrote:

> I'm not using any private IP addresses, and if my masks were wrong
> nothing would get through.  Almost everything gets through, but only
> certain WWW sites don't work.

Are you blocking ICMP traffic?  This could be a Path MTU Discovery problem
(if ICMP fragmentation needed packets don't get through, the host won't
 stop sending large packets with the DF bit set, which'll get dropped
 because they have the DF bit set).

> If it were a simple configuratino issue I wouldn't have posted to the
> list.  It may be an issue with my firewall and ICMP source routing, or
> it may be something else completely different.


	-- Niels.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message