From owner-freebsd-hackers  Wed Dec  2 13:33:30 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA07401
          for freebsd-hackers-outgoing; Wed, 2 Dec 1998 13:33:30 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA07396
          for <hackers@FreeBSD.ORG>; Wed, 2 Dec 1998 13:33:28 -0800 (PST)
          (envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id OAA26650;
	Wed, 2 Dec 1998 14:30:30 -0700 (MST)
	(envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4)
	id OAA07967; Wed, 2 Dec 1998 14:30:28 -0700
Date: Wed, 2 Dec 1998 14:30:28 -0700
Message-Id: <199812022130.OAA07967@mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Guido van Rooij <guido@gvr.org>
Cc: Nate Williams <nate@mt.sri.com>, Daniel Eischen <eischen@vigrid.com>,
        dillon@apollo.backplane.com, hackers@FreeBSD.ORG,
        luigi@labinfo.iet.unipi.it
Subject: Re: TCP bug
In-Reply-To: <19981202222702.A23308@gvr.org>
References: <199812021626.LAA27156@pcnet1.pcnet.com>
	<199812021636.JAA06068@mt.sri.com>
	<19981202215730.B23018@gvr.org>
	<199812022104.OAA07720@mt.sri.com>
	<19981202222702.A23308@gvr.org>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > > In my previous mail I already stated why things can go wrong if the
> > > www server on the internet has a badly configured packet filter.
> > > In your case it seems that your router is badly configured. Does it
> > > filter out ICMP ICMP_UNREACH_NEEDFRAG pakcets from the ethernet to
> > > the ouside, but not from your router to the outside?
> > 
> > See my followup.  I don't filter out ICMP type 3 packets, but instead
> > allow them.  (I can't take any credit for this, it was part of the
> > firewall ruleset PHK gave me years ago...)
> 
> Yes I saw that too late. Anyway the bottom line is that the amount of clue
> on the internet is realling getting so low that new developments (well..new)
> like path MTU discovery can no longer be used. And when you try to
> convince the owners of the web site to change their packet filter
> (because usually it is theirs that is causing the problems) you easily
> give up after talking to the n-th clueless person.
> 
> It is my fear that the current cluelessness will have a severe impact
> on other new developments as well.

Well, thanks to you folks, my level of cluelessness is dropping. :)


Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message