On Wed, Jan 28, 2015 at 9:53 AM, Lev Serebryakov <l...@freebsd.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 28.01.2015 20:38, Matthew Seaman wrote: > > > What do you get if you run the reply size test at DNS-OARC ? > > > > https://www.dns-oarc.net/oarc/services/replysizetest > 0 lines (empty answer) at CURRENT, only "rst.x1013.rs.dns-oarc.net." > on 9.3. > > Looks like "IP Fragments Filtered", but I don't understand — why and > where?! > > I'm using ipfw on both hosts, but I don't have any special rules > about IP fragments at all! And as these systems are in completely > different networks, with different uplinks and FreeBSD versions! > IPFW doesn't deal with IP fragment reassembly by default. You can add something like the following to the start of the IPFW ruleset to work around it (one for each NIC): $IPFW add reass ip from any to any in recv $NIC0 $IPFW add reass ip from any to any in recv $NIC1 ... -- Freddie Cash fjwc...@gmail.com _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
