Q: Why does my firewall hate the cambridge picturehouse?

Jeremy Henty onepoint at starurchin.org
Wed Oct 22 16:25:47 CEST 2008

Previous message: Q: Why does my firewall hate the cambridge picturehouse?
Next message: Q: Why does my firewall hate the cambridge picturehouse?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 22, 2008 at 03:01:18PM +0100, Simon Andrews wrote:

>> You can disable Path MTU discovery in linux using:
>>
>> echo  1  >/proc/sys/net/ipv4/ip_no_pmtu_disc

Still no difference.

> Thinking some more about this  it's also possible that your firewall
> is blocking the  ICMP Frag Needed packets which  are being sent back
> to you (hence the dropped packets in your logs).

All the dropped  packet log entries have "PROTO=TCP",  so they are not
ICMP, right?   My /proc/sys/net/ipv4/conf/* also  reject source-routed
packets and do not accept or send ICMP Redirects.

Regards, 

Jeremy Henty

Previous message: Q: Why does my firewall hate the cambridge picturehouse?
Next message: Q: Why does my firewall hate the cambridge picturehouse?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the CLUG mailing list