It was not stated, but I've set up firewalls in the past; I presume you have a
firewall that is doing 'block in' as a catchall (which catches the fragments) ..
Set your return policy on that rule if you wish it to return.

-- 
Todd Fries .. [EMAIL PROTECTED]

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| "..in support of free software solutions."  \          250797 (FWD)
|                                             \
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Penned by Charlie Allom on 20081205 19:12.56, we have:
| On Fri, Dec 05, 2008 at 12:43:33PM -0600, Todd T. Fries wrote:
| >
| > Theory suggests that PMTUD should handle things such that fragments do not
| > appear, but encapsulation and tunneling via IPSec tend to generate them
| > anyway..
|
| Are we not breaking PMTUD by silently dropping these? Shouldn't there
| be a way of implying something like 'block-policy return' ?
|
| C.
| --
| 020 7729 4797
| http://blog.playlouder.com/

