From owner-freebsd-questions Wed Sep 2 12:29:21 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA18978 for freebsd-questions-outgoing; Wed, 2 Sep 1998 12:29:21 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from notabene.zer0.org (209-63-253-126.smf.jps.net [209.63.253.126]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA18944 for ; Wed, 2 Sep 1998 12:29:15 -0700 (PDT) (envelope-from gsutter@n1.dyn.ml.org) Received: (from gsutter@localhost) by notabene.zer0.org (8.8.7/8.8.8) id MAA26000 for freebsd-questions@freebsd.org; Wed, 2 Sep 1998 12:28:11 -0700 (PDT) (envelope-from gsutter) Message-ID: <19980902122810.L16430@notabene.zer0.org> Date: Wed, 2 Sep 1998 12:28:10 -0700 From: Gregory Sutter To: freebsd-questions@FreeBSD.ORG Subject: ipfw misbehaving Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i Organization: Zer0 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG My ipfw is misbehaving, blocking packets when it shouldn't. Anytime a fragmented packet comes in, it is blocked: ipfw: 3501 Deny TCP 209.61.119.114:11786 209.63.253.126:15436 in via tun0 Fragment = 3 ipfw: 3501 Deny TCP 209.61.119.114:12081 209.63.253.126:11825 in via tun0 Fragment = 3 [etc...] Rule 3501 is: $fwcmd add 03501 deny log tcp from any to $oip 3000-3001 $fwcmd is "ipfw"; $oip is my current outside IP address. Can anyone see a reason why all fragmented packets are blocked by this rule? Greg -- Gregory S. Sutter Heisenberg might have been here. mailto:gsutter@pobox.com http://www.pobox.com/~gsutter/ PGP DSS public key 0x40AE3052 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message