On Tue, 2002-05-14 at 09:16, Michael Sierchio wrote: > Andrew Reilly wrote: > > > I ran a script using jot to send ping packets across the link, with > > sizes varying from 1300 to 2300 bytes, while also watching the link with > > tcpdump. > > > > Only one ping failed (it didn't even get out), with the following error > > message: > > ping: sendto: Message too long > > > > I also saw a few "ip reassembly time exceeded" messages in tcpdump, but > > I'm not sure whether they were correlated. > > > > Most of my problems seem to have gone away when I added "add allow all > > from any to any frag" to my firewall script. Not sure how it ever > > worked at all without that, though. > > Mind posting the IP addrs? I'd like to send you a few frags. ;-) > > Seriously, that's a workaround that wouldn't be acceptable here.
I did wonder about the security implications of that, but don't know enough IP to be sure. The fact that that line is in /etc/rc.firewall, and has been since 1999 or so, made me think that it wouldn't be a problem. -- Andrew To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
