From owner-freebsd-isp Thu Jan 20 9:41:25 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 8A57814C37; Thu, 20 Jan 2000 09:41:19 -0800 (PST) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id JAA54999; Thu, 20 Jan 2000 09:40:31 -0800 (PST) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200001201740.JAA54999@gndrsh.dnsmgr.net> Subject: Re: New Firewall In-Reply-To: from Omachonu Ogali at "Jan 20, 2000 06:50:18 am" To: oogali@intranova.net (Omachonu Ogali) Date: Thu, 20 Jan 2000 09:40:31 -0800 (PST) Cc: andre@arkaine.com (Andre Chang), sh@eclipse.net.uk ('Stuart Henderson'), briang@expnet.net (Brian Gallucci), isp@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I'm not sure what he meant by ICMP fragmentation-needed messages, but > yes, ICMP is needed for reliable communication and faster communication > (primarily unreachables), so you can allow ICMP to pass through but I > wouldn't recommend it after seeing 24Mbps smurfs come through... > > And in your case Andre, ICMP fragmentation has nothing to do with your > sendmail problem, that shows that your connection is breaking/dropping > after a while, maybe the remote side is closing the connection > prematurely...check it out by telnetting to the remote host on port 25 and > imitate a regular SMTP transaction to find the problem... If Andre is filtering ICMP 3.4 (ICMP_UNREACH.ICMP_UNREACH_NEEDFRAG) it certainly could have to do with his sendmail problem. -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message