Re: 2.2.14, NFS + port 65535, firewall malfunction

From: William Stearns (wstearns@pobox.com)
Date: Sun Mar 19 2000 - 22:58:50 EST


    Good evening, Jean-Marc,

    On Sun, 19 Mar 2000, Jean-Marc Pigeon wrote:

    > The firewall trace shows up
    >
    > Mar 19 21:01:58 hostV kernel: Packet log: input REJECT eth0 PROTO=17 X.Y.Z.T:65535 Z.Y.Z.V:65535 L=624 S=0x00 I=14849 F=0x00B9 T=64 (#21)
    >
    > So, seems there is now a new UDP protocol line using port 65535 for
    > NFS.

            No, "port" 65535 refers to a packet fragment. The general
    recommendation for a packet filtering firewall is to turn on "Always
    Defragment" when you compile your kernel so your firewall never has to try
    to inspect fragmented packets.
            Please direct further firewall questions to the ip-masq or
    ipchains mailing lists - see http://ipmasq.cjb.net for more info and
    pointers to both.
            Cheers,
            - Bill

    ---------------------------------------------------------------------------
            Weinberg's Law: If builders built buildings the way programmers
    wrote programs, then the first woodpecker that came along would destroy
    civilization.
    (Courtesy of David E. Vandewalle, vandewal@prairienet.org)
    --------------------------------------------------------------------------
    William Stearns (wstearns@pobox.com). Mason, Buildkernel, named2hosts,
    and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns
    LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
    --------------------------------------------------------------------------

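As an added example, not part of the original thread: a small Python parser for the 2.2-era ipchains "Packet log:" line quoted above. It decodes the F= field as the raw 16-bit IP fragment field (MF flag plus a 13-bit offset in 8-byte units) and marks the logged ports as placeholders whenever the offset is non-zero, which is why both ports read 65535 on the REJECTed fragment. The log lines are constructed, with documentation addresses (192.0.2.x) standing in for the X.Y.Z.T/Z.Y.Z.V placeholders.

```python
import re

# Constructed sample lines in the 2.2-era ipchains "Packet log:" format: the
# first copies the fields of the logged fragment above (documentation addresses
# 192.0.2.x replace X.Y.Z.T/Z.Y.Z.V); the second is a constructed first fragment.
SAMPLE_LOG = [
    "Mar 19 21:01:58 hostV kernel: Packet log: input REJECT eth0 PROTO=17 "
    "192.0.2.10:65535 192.0.2.20:65535 L=624 S=0x00 I=14849 F=0x00B9 T=64 (#21)",
    "Mar 19 21:01:58 hostV kernel: Packet log: input ACCEPT eth0 PROTO=17 "
    "192.0.2.10:2049 192.0.2.20:1023 L=1500 S=0x00 I=14849 F=0x2000 T=64 (#3)",
]

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<dev>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+) "
    r"S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<id>\d+) F=0x(?P<frag>[0-9a-fA-F]+) T=(?P<ttl>\d+)"
)

IP_MF = 0x2000       # "more fragments" flag in the 16-bit IP frag_off field
IP_OFFMASK = 0x1FFF  # 13-bit fragment offset, in 8-byte units

def parse_packet_log(line):
    # Parse one ipchains log line into a dict, or return None if it is not one.
    m = LOG_RE.search(line)
    if not m:
        return None
    f = m.groupdict()
    frag = int(f["frag"], 16)
    offset = (frag & IP_OFFMASK) * 8
    return {
        "verdict": f["verdict"], "proto": int(f["proto"]),
        "src": f["src"], "dst": f["dst"],
        "sport": int(f["sport"]), "dport": int(f["dport"]),
        "ip_id": int(f["id"]), "length": int(f["len"]),
        "frag_offset": offset, "more_fragments": bool(frag & IP_MF),
        # A non-first fragment carries no UDP/TCP header, so ipchains has no
        # ports to log and writes 65535; only offset 0 has real port numbers.
        "ports_valid": offset == 0,
    }

def explain(line):
    # Human-readable reading of the F= field and the logged ports.
    rec = parse_packet_log(line)
    if rec is None:
        return "not an ipchains Packet log line"
    if rec["ports_valid"]:
        return "first fragment or whole packet: ports %d -> %d are real" % (
            rec["sport"], rec["dport"])
    last = "" if rec["more_fragments"] else ", last fragment"
    return "non-first fragment (IP id %d, offset %d bytes%s): %d/%d are placeholders" % (
        rec["ip_id"], rec["frag_offset"], last, rec["sport"], rec["dport"])
```

Run over the two sample lines, the REJECTed packet decodes as the last fragment of IP datagram 14849 at offset 1480 bytes, and the constructed first fragment of the same datagram is where the real NFS port (2049) appears; a filter with "Always Defragment" enabled would only ever see the reassembled datagram.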
    This archive was generated by hypermail 2b29 : Mon Mar 20 2000 - 00:06:47 EST