httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <>
Subject Re: anyone else using ipfw ?
Date Wed, 02 Jul 1997 21:21:07 GMT
> We use ipfw (IP FireWall) to filter out unwanted connections to
> services we don't offer and to block abusive hosts (e.g. spam domains
> on port 25 and broken robots on port 80).
> Some people running Windoze can't reach us on port 80 because ipfw
> is refusing them access. People who have managed to fix the problem
> has changed their PPP 'mtu' from 1500 to 576. A friend believes this
> is due to fragmented packets being rejected at the firewall.

Could this be an issue to do with the following?
sysctl -w net.inet.tcp.rfc1323=1

You might try setting it to 0 to disable this. ipfw should also be 
able to specifically allow fragments if that is truely what the 
cause is.

> I sent mail to a FreeBSD mailing list asking if anyone had any
> experience of this but got no answer, so I'll try here instead.
> Anyone ?
> It's impossible for us to tell how widespread the problem is. Hundreds
> of thousands of windoze users are reaching us so it's not a major problem.
> --
> Rob Hartill                              Internet Movie Database (Ltd)
>   .. a site for sore eyes.
> ps, ipfw is wonderful at blocking Spamford's ever changing and ever
> spoofing lusers from depositing their trash in our mailboxes.

View raw message