In article <20021128211347.D27234@flint.arm.linux.org.uk>,
Russell King <rmk@arm.linux.org.uk> wrote:
>On Thu, Nov 28, 2002 at 06:53:00PM +0200, Kai Henningsen wrote:
>> >From two or three traceroutes, that problem seems to be at the SGI end. I
>> can't get to them either (nothing after the same IP as for you, at hop
>> #17, some place at Genuity), but you are practically next door.
>
>Lesson #1 of firewalling: drop everything.
>Lesson #2 of firewalling: only accept what you absolutely have to.
Lesson#3 of firewalling: due to #1 and #2 most admins block
ICMP_UNREACH_NEEDFRAG as well (ICMP == ping == bad) breaking
path MTUd. http://alive.znep.com/~marcs/mtu/
Note that IPv6 has no fragmentation and pMTUd is mandatory.
Oh joy.
Mike.
-- They all laughed when I said I wanted to build a joke-telling machine. Well, I showed them! Nobody's laughing *now*! -- acesteves@clix.pt- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Nov 30 2002 - 22:00:21 EST