 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] SNMP traffic over IPSEC
 Date:  Tue, 28 Feb 2006 19:17:37 -0500
On 2/28/06, dasz <daszylstra at comcast dot net> wrote:
> Every other function does seem to work - they have about 100+ nodes at each
> location and they can ping, telnet, ftp, http, do firmware/software
> upgrades, etc just fine to all nodes; it only seems to be the SNMP traffic
> heading back to their central office that fails -- when I look at the Mono
> firewall log it shows the SNMP traffic being blocked with a source and
> destination that is definitely in the IPSEC IP range, so for some reason
> Mono is ignoring the destination IP and trying to pass it through the
> firewall . . . . .

This makes it sound like the default rule is still set to deny
fragments, and the SNMP is getting fragmented for some reason. That's
my first guess at least.