--- Henning Brauer <[EMAIL PROTECTED]> wrote: > On Mon, Nov 18, 2002 at 05:25:43AM -0800, Dan > Moinescu wrote: > > As it happens, some NFS packets are fragmented and > the > > "scrub in" directive was blocking the fragments. > > I removed the scrub lines and it worked, but then > I > > tried the same NFS thing with a machine behind the > > firewall and it failed again. > > This time, it was because the NFS fragments were > > passing through the firewall without being NATed, > as > > the full IP datagrams were, and this obviously > > confused the server. > > > > So it looks like pf on 3.1 can't handle fragments. > Was > > this fixed in 3.2? > > you fail to give details. I bet you are using a > linux box as NFS client. > linux sends fragmented NFS packets with the Don't > Fragment bit set, which, > well, go figure yourself. >
I was indeed using a Linux box as the NFS client. But nonetheless, this means that if some Linux router or server out there decides to fragment a packet going to my OpenBSD box, that network connection will be corrupted, is that true? Regards, Dan. __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com
