salamond wrote:
> Hi, All.
>
> After adding "keep frags" to the end of current rule, actually all my rules,
> the problem is solved.
>
> The weird part is with 3.4.32, it works without "keep frags".
> Never mind. Problem solved.
>
> And if anyone else ever encounters connection hangs while the exact
> rule should have passed it.
> Add "keep frags" to your rules, it may work for you too.

This makes sense. I'm guessing you, or the remote host, don't have Path MTU Discovery disabled. Alternatively, something in the middle is disregarding the DF bit... but yes, it's pretty much required to always have keep frags enabled.

--
Phil Dibowitz [email protected]
Open Source software and tech docs
Insanity Palace of Metallica
http://www.phildev.net/
http://www.ipom.com/

"Never write it in C if you can do it in 'awk';
 Never do it in 'awk' if 'sed' can handle it;
 Never use 'sed' when 'tr' can do the job;
 Never invoke 'tr' when 'cat' is sufficient;
 Avoid using 'cat' whenever possible"
 -- Taylor's Laws of Programming
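
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not IPFilter source code: a simplified Python model of a stateful filter, showing why trailing IP fragments miss the state table and how fragment tracking (what "keep frags" enables) lets them through. The class, field names and addresses are constructed for illustration, and the model ignores details such as cache expiry and offset checks.

```python
# Simplified model (constructed for illustration, not IPFilter source code):
# why a stateful rule without fragment tracking drops trailing IP fragments.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    ip_id: int
    frag_offset: int              # in 8-byte units; 0 = first fragment
    more_frags: bool
    sport: Optional[int] = None   # ports exist only where the L4 header is present
    dport: Optional[int] = None

class StatefulFilter:
    def __init__(self, keep_frags: bool):
        self.keep_frags = keep_frags
        self.states = set()       # (src, dst, proto, sport, dport)
        self.frag_cache = set()   # (src, dst, proto, ip_id)

    def add_state(self, src, dst, proto, sport, dport):
        self.states.add((src, dst, proto, sport, dport))

    def check(self, p: Packet) -> bool:
        frag_key = (p.src, p.dst, p.proto, p.ip_id)
        if p.frag_offset > 0:
            # No TCP/UDP header here, so the state table cannot be consulted.
            return self.keep_frags and frag_key in self.frag_cache
        if (p.src, p.dst, p.proto, p.sport, p.dport) not in self.states:
            return False
        if self.keep_frags and p.more_frags:
            self.frag_cache.add(frag_key)   # remember the datagram for later fragments
        return True

def run(keep_frags: bool):
    fw = StatefulFilter(keep_frags)
    fw.add_state("192.0.2.10", "198.51.100.5", "tcp", 40000, 80)
    # Constructed sample: one datagram split into two fragments.
    first = Packet("192.0.2.10", "198.51.100.5", "tcp", 0x1234, 0, True, 40000, 80)
    second = Packet("192.0.2.10", "198.51.100.5", "tcp", 0x1234, 185, False)
    return [fw.check(first), fw.check(second)]

if __name__ == "__main__":
    print("keep state only:      ", run(False))
    print("keep state keep frags:", run(True))
```

Without fragment tracking the first fragment passes and the second is dropped, so the datagram never reassembles at the receiver and the connection appears to hang even though the rule matches the flow.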
