SLUG Mailing List Archives
Re: [SLUG] ipchains question
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] ipchains question
- From: chesty <chesty@xxxxxxxxxx>
- Date: Wed Feb 21 19:05:01 2001
- User-agent: Mutt/1.3.12i
On Wed, Feb 21, 2001 at 05:49:31PM +1100, Danny Yee wrote:
> When I try to turn firewalling on, I'm having long DNS delays, and reports
> like this in my logfile
> Feb 21 17:41:53 stravinsky kernel: Packet log: input DENY ppp0 PROTO=17 129.78.###.###:65535 129.78.###.###:65535 L=28 S=0x00 I=19120 F=0x4022 T=252 (#17)
> (with actual IP addresses #ed)
I think the best way to fix your problem is to recompile your kernel
and set the option "IP: always defragment" to yes.
The packet being dropped is a fragment, you could also fix it by using
the -f option of ipchains. man ipchains for details.
Apologies if you get this message multiple times.