I have two Linux boxes (neither running ipfilter) that talk to each other across a 3DES VPN. Between the VPN concentrator on my side and my inside Linux host I have an ipfilter firewall. When my local host opens an HTTPS connection to the remote Linux server, I see 1500b packets being written out to the remote's LAN and I see the remote VPN concentrator fragmenting the packets down to 762 and 738 chunks (or thereabouts) and these arrive back to my local Linux host (the HTTPS client).

My client though is complaining with:

14:55:45.265060 local > remote: icmp: ip reassembly time exceeded for remote.https > local.38633: . 1:737(736) ack 143 win 5792 <nop,nop,timestamp 166549012 382308176> (frag 28624:[EMAIL PROTECTED]) (ttl 55, len 788) [tos 0xc0] (ttl 64, id 29019, len 576)

My ipfilter firewall in front of the local client drops these though. I'm pretty sure I could forward these ICMP critters, but I guess I'm not. And things obviously aren't working, or I wouldn't be here asking for insight and mercy.

Can anyone help me with understanding what is happening? Is there a way I can tell my local firewall to reassemble the packets into one frame before forwarding to my local Linux (RHEL w/2.6 kernel) system?

Any thoughts, inside or outside the box, are appreciated!

Thanks,
peter
