On Wed, Feb 21, 2001 at 05:49:31PM +1100, Danny Yee wrote:
> When I try to turn firewalling on, I'm having long DNS delays, and reports
> like this in my logfile
>
> Feb 21 17:41:53 stravinsky kernel: Packet log: input DENY ppp0 PROTO=17
>129.78.###.###:65535 129.78.###.###:65535 L=28 S=0x00 I=19120 F=0x4022 T=252 (#17)
> (with actual IP addresses #ed)
I think the best way to fix your problem is to recompile your kernel
and set the option "IP: always defragment" to yes.
The packet being dropped is a fragment, you could also fix it by using
the -f option of ipchains. man ipchains for details.
Apologies if you get this message multiple times.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
