Further to this enquiry (originally to Oz-ISP only) I think I have
identified the problem.

Someone suggested (I forget who, but tks all the same) that it might be a
defrag problem so I went to look at the firewall logs and indeed there
were ICMP defrag packets, but from RFC1918 addresses, so they were being
blocked by the firewall.

I have a strict firewall policy of blocking any packet with an RFC1918
address, whether source or destination, or an inbound packet with a source
address from the site assigned IP block, or an outbound packet to a
destination address from the site assigned IP block.

My question is: Should I stick with that strict policy, or am I safe in
relaxing it for ICMP messages just to suit inconsiderate ISPs who refuse
to comply with RFC1918?

-- 
Howard.
______________________________________________________
LANNet Computing Associates <http://www.lannet.com.au>

On Sun, 22 Oct 2000, Howard Lowndes wrote:

> I am trying to resolve a problem for someone who has difficulty connecting
> to some Internet web sites.
> 
> The pattern that is emerging is that the no go sites are themselves
> connected to the Internet with PSTN and analogue modems whereas the go
> sites are on some form of digital connection.  I cannot be 100% certain
> that that is the pattern, but it is certainly emerging looking that way.
> 
> The problem browser is being reported as IE5.5 under W95 and I believe is
> thru a PSTN analogue modem connection.  The logs at the no go sites
> certainly show the web pages being served successfully.
> 
> It doesn't make any sense to me as to why this should be the problem, but
> I would welcome any suggestions.
> 
> 
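
The policy described in the message above, written out as a packet classifier (an added example, not part of the original post). It assumes the "ICMP defrag packets" are ICMP type 3 code 4 (fragmentation needed) messages and uses 203.0.113.0/24 as a stand-in for the site assigned IP block; the sample packets are constructed.

```python
import ipaddress

# Assumption: a documentation range stands in for the site assigned IP block.
SITE_BLOCK = ipaddress.ip_network("203.0.113.0/24")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample packets, as a firewall log parser might represent them.
PACKETS = [
    {"dir": "in", "proto": "icmp", "icmp_type": 3, "icmp_code": 4, "src": "10.1.2.3", "dst": "203.0.113.10"},
    {"dir": "in", "proto": "icmp", "icmp_type": 3, "icmp_code": 4, "src": "198.51.100.7", "dst": "203.0.113.10"},
    {"dir": "in", "proto": "tcp", "src": "203.0.113.99", "dst": "203.0.113.10"},
    {"dir": "out", "proto": "tcp", "src": "203.0.113.10", "dst": "192.168.1.1"},
    {"dir": "in", "proto": "icmp", "icmp_type": 8, "icmp_code": 0, "src": "172.16.5.5", "dst": "203.0.113.10"},
]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def in_site(addr):
    return ipaddress.ip_address(addr) in SITE_BLOCK

def strict_policy(pkt):
    """Return (verdict, reason) under the rules stated in the message."""
    if is_rfc1918(pkt["src"]) or is_rfc1918(pkt["dst"]):
        return "DROP", "rfc1918"
    if pkt["dir"] == "in" and in_site(pkt["src"]):
        return "DROP", "spoofed-site-source"
    if pkt["dir"] == "out" and in_site(pkt["dst"]):
        return "DROP", "site-destination-outbound"
    return "ACCEPT", "ok"

def is_frag_needed(pkt):
    # ICMP destination unreachable (type 3), code 4: fragmentation needed and DF set.
    return pkt.get("proto") == "icmp" and pkt.get("icmp_type") == 3 and pkt.get("icmp_code") == 4

def dropped_frag_needed(packets):
    """Inbound fragmentation-needed messages that the RFC1918 rule rejected."""
    return [p for p in packets
            if p["dir"] == "in" and is_frag_needed(p)
            and strict_policy(p) == ("DROP", "rfc1918")]

if __name__ == "__main__":
    for p in PACKETS:
        print(p["src"], "->", p["dst"], *strict_policy(p))
    print("fragmentation-needed dropped:", len(dropped_frag_needed(PACKETS)))
```

Running the same check over real firewall logs shows how many fragmentation-needed messages the RFC1918 rule is discarding, as opposed to other ICMP from private sources.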



-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
