Re: anyone else using ipfw ?

[Randy Terbush <ra...@zyzzyva.com>]

> 
> We use ipfw (IP FireWall) to filter out unwanted connections to
> services we don't offer and to block abusive hosts (e.g. spam domains
> on port 25 and broken robots on port 80).
> 
> Some people running Windoze can't reach us on port 80 because ipfw
> is refusing them access. People who have managed to fix the problem
> has changed their PPP 'mtu' from 1500 to 576. A friend believes this
> is due to fragmented packets being rejected at the firewall.

Could this be an issue to do with the following?
sysctl -w net.inet.tcp.rfc1323=1

You might try setting it to 0 to disable this. ipfw should also be 
able to specifically allow fragments if that is truely what the 
cause is.




> I sent mail to a FreeBSD mailing list asking if anyone had any
> experience of this but got no answer, so I'll try here instead.
> Anyone ?
> 
> It's impossible for us to tell how widespread the problem is. Hundreds
> of thousands of windoze users are reaching us so it's not a major problem.
> 
> --
> Rob Hartill                              Internet Movie Database (Ltd)
> http://www.moviedatabase.com/   .. a site for sore eyes.
> 
> 
> ps, ipfw is wonderful at blocking Spamford's ever changing and ever
> spoofing lusers from depositing their trash in our mailboxes.
>