Date: Thu, 20 Jan 2000 06:50:18 -0500 (EST) From: Omachonu Ogali <oogali@intranova.net> To: Andre Chang <andre@arkaine.com> Cc: 'Stuart Henderson' <sh@eclipse.net.uk>, Brian Gallucci <briang@expnet.net>, isp@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG Subject: RE: New Firewall Message-ID: <Pine.BSF.4.10.10001200646350.4166-100000@hydrant.intranova.net> In-Reply-To: <6C191944837ED311863A00104BC7598F774E@s.arkaine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm not sure what he meant by ICMP fragmentation-needed messages, but yes, ICMP is needed for reliable communication and faster communication (primarily unreachables), so you can allow ICMP to pass through but I wouldn't recommend it after seeing 24Mbps smurfs come through... And in your case Andre, ICMP fragmentation has nothing to do with your sendmail problem, that shows that your connection is breaking/dropping after a while, maybe the remote side is closing the connection prematurely...check it out by telnetting to the remote host on port 25 and imitate a regular SMTP transaction to find the problem... Omachonu Ogali Intranova Networking Group On Wed, 19 Jan 2000, Andre Chang wrote: > Mr. Henderson, > > could you elaborate on the "icmp fragmentation-needed messages" please? > > I'm trying to track down the following error: > > Jan 18 09:02:56 `host_clipped` sendmail[49987]: NOQUEUE: SYSERR: putoutmsg > ([xxx.xxx.xxx.xxx]): error on output channel sending "220 `hostname_clipped` > ESMTP Sendmail 8.9.3/8.9.3; Tue, 18 Jan 2000 09:02:56 GMT": Broken pipe > > Thanks. > > -----Original Message----- > From: Stuart Henderson [mailto:sh@eclipse.net.uk] > Sent: Tuesday, January 18, 2000 11:35 AM > To: Omachonu Ogali > Cc: Brian Gallucci; isp@FreeBSD.ORG; freebsd-ipfw@FreeBSD.ORG > Subject: Re: New Firewall > > > > The following rules can help if you are going to be running SMTP, HTTP, > > POP3, and HTTPS, delete what you don't need. > > You also need to pass icmp fragmentation-needed messages if you > don't want to risk breaking access to/from some sites. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001200646350.4166-100000>