Topic: Clearing IP Do-Not-Fragment in Firewall Normalizations causes issues (Read 833 times)
seed
Full Member
Posts: 174
Karma: 12
Clearing IP Do-Not-Fragment in Firewall Normalizations causes issues
« on: January 24, 2024, 08:54:29 pm »
I have the problem that clearing the DF-Bit using normalisation causes service disruptions.
Sites like Reddit or GitHub won't work any longer when "no-df" is set.
Go to: "Firewall: Settings: Normalization"
Click on "IP Do-Not-Fragment"
Browse to https://github.com/opnsense/core/ or try to read a Reddit post.
Sites don't function as expected.
When directly connected to my router things work as expected. When "IP Do-Not-Fragment" is disabled everything works fine.
But enabling "IP Do-Not-Fragment" causes issues.
Please check on your own setup and report back. This bugs me.
I want all services to run with wire speed and therefore run this dedicated hardware configuration:
AMD Ryzen 7 9700x
ASUS Pro B650M-CT-CSM
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror
PiKVM for remote maintenance
private user, no business use
Patrick M. Hausen
Hero Member
Posts: 6810
Karma: 572
Re: Clearing IP Do-Not-Fragment in Firewall Normalizations causes issues
« Reply #1 on: January 24, 2024, 10:15:07 pm »
If you clear do not fragment that will essentially disable path MTU discovery. Possibly some intermediate system or the firewall of the services you try to use decides to drop fragments altogether.
This is common practice in ingress firewalls protecting web services.
May I ask why one would want to do that - clear DF, that is?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
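
Added example (not part of the thread and not either poster's code): a small Python model of the mechanism described in Reply #1, where a packet crosses one hop with a smaller MTU with DF either kept or cleared, and the destination may drop fragments. The 1492-byte path MTU, the packet sizes and the retry count are constructed assumptions, and real TCP retransmission is simplified to a fixed number of tries.

```python
from dataclasses import dataclass

IP_HDR = 20  # IPv4 header length without options


@dataclass
class Packet:
    total_len: int      # IPv4 total length (header + payload), bytes
    df: bool            # Don't Fragment flag
    frag: bool = False  # True for a fragment (MF set or offset > 0)


def forward(pkt, next_hop_mtu):
    """One router hop. Returns (packets_sent_on, icmp_mtu_or_None)."""
    if pkt.total_len <= next_hop_mtu:
        return [pkt], None
    if pkt.df:
        # Too big and DF set: drop, report next-hop MTU (ICMP type 3 code 4).
        return [], next_hop_mtu
    # DF clear: fragment. Every fragment but the last carries a multiple of 8 bytes.
    chunk = (next_hop_mtu - IP_HDR) // 8 * 8
    payload, frags = pkt.total_len - IP_HDR, []
    while payload > 0:
        size = min(chunk, payload)
        frags.append(Packet(IP_HDR + size, df=False, frag=True))
        payload -= size
    return frags, None


def send(size, path_mtu, clear_df, server_drops_fragments, tries=3):
    """Returns (delivered_size, packets_on_wire), or None if nothing arrived."""
    for _ in range(tries):
        pkt = Packet(size, df=not clear_df)  # host sets DF; normalization may clear it
        out, icmp_mtu = forward(pkt, path_mtu)
        if icmp_mtu is not None:
            size = icmp_mtu  # PMTUD: sender shrinks to the reported MTU and resends
            continue
        if server_drops_fragments and any(p.frag for p in out):
            continue  # silent drop: no ICMP, sender resends the same size
        return size, len(out)
    return None


if __name__ == "__main__":
    # Constructed values: 1200/1500-byte packets, 1492-byte path MTU (assumption).
    for clear_df in (False, True):
        for size in (1200, 1500):
            print(clear_df, size, send(size, 1492, clear_df, True))
```

With DF kept, the 1500-byte packet is resent at 1492 bytes and arrives; with DF cleared it is fragmented and dropped on every try, while the 1200-byte packet still gets through.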