 From:  Raylund Lai <raylund dot lai at kankanwoo dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Could someone explain this firewall log
 Date:  Sun, 16 Apr 2006 00:05:41 -0400
Chris Buechler wrote:
> On 4/15/06, Raylund Lai <raylund dot lai at kankanwoo dot com> wrote:
>> Here I got one of the logs from when the user at  tried to
>> access my HTTP service.  The server that holds the HTTP service is at
>>  I've opened port/nat/server-nat/outbound-nat all together,
>> which had been working for about half a year.
>> [X]     16:03:08.498773     WAN, type
>> unreach/needfrag     ICMP
> That was blocked?  ICMP return traffic from an existing state should
> be permitted.  That's an ICMP unreachable, fragmentation needed but DF
> bit set message, it appears.  i.e. your server tried to send a packet
> larger than some MTU along the path to that client machine.

I haven't particularly blocked anything.  I found out this log entry is due 
to the user who was using a VPN connected to another office and forgot to 
disconnect before browsing to my web service.

> Try lowering your server's MTU to 1400 and see if the problem still
> exists.  Also make sure your m0n0wall's WAN MTU is set correctly for
> your connection.

This really gave me the clue.  :)

I lowered m0n0wall's MTU to 1400 and everything seemed to go back to 
normal.  I hope this is the reason.  Since the problem is intermittent, 
it may not show up for a whole day.

But it's weird that I have no problem at all browsing/downloading from 
the internet behind m0n0wall.  It only happened to users accessing my services 
from outside m0n0wall.

Thanks Chris. :)


> -Chris
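The "unreach/needfrag" entry Chris explains above is an ICMP Destination Unreachable (type 3, code 4) message, and path MTU discovery depends on it reaching the sender. The decoder below is an added example, not code from the m0n0wall project or from this thread: it builds a constructed type 3/code 4 message (sample addresses from the documentation ranges, next-hop MTU 1400) and parses it back to show which fields a firewall log would need in order to tell a legitimate PMTU signal from noise.

```python
import struct
import ipaddress

ICMP_DEST_UNREACH = 3   # ICMP type 3
ICMP_FRAG_NEEDED = 4    # code 4: fragmentation needed but DF set ("unreach/needfrag")
IP_DF_FLAG = 0x4000     # Don't Fragment bit in the IPv4 flags/fragment-offset field

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 for a message whose checksum field is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_needfrag(next_hop_mtu: int, src: str, dst: str, orig_len: int) -> bytes:
    """Construct an ICMP type 3/code 4 message (constructed sample, not a real capture):
    8-byte ICMP header carrying the next-hop MTU (RFC 1191), followed by the offending
    packet's 20-byte IPv4 header and the first 8 bytes of its payload."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, orig_len, 0x1234, IP_DF_FLAG, 64, 6, 0,
                           ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    body = inner_ip + b"\x00" * 8
    hdr = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, next_hop_mtu)
    csum = inet_checksum(hdr + body)
    return struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, csum, 0, next_hop_mtu) + body

def parse_needfrag(msg: bytes):
    """Decode a needfrag message. Returns None unless it is a well-formed type 3/code 4 ICMP."""
    if len(msg) < 28 or inet_checksum(msg) != 0:
        return None
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", msg[:8])
    if icmp_type != ICMP_DEST_UNREACH or code != ICMP_FRAG_NEEDED:
        return None
    fields = struct.unpack("!BBHHHBBH4s4s", msg[8:28])
    return {
        "next_hop_mtu": next_hop_mtu,          # 0 means the router predates RFC 1191
        "orig_len": fields[2],                 # size of the packet that was too big
        "df_set": bool(fields[4] & IP_DF_FLAG),
        "orig_src": str(ipaddress.IPv4Address(fields[8])),  # the web server in the thread
        "orig_dst": str(ipaddress.IPv4Address(fields[9])),  # the VPN user's client
    }

def would_need_frag(packet_len: int, path_mtu: int, df_set: bool) -> bool:
    """True when a router on the path must drop the packet and send needfrag instead of fragmenting."""
    return df_set and packet_len > path_mtu
```

Dropping this message at the firewall leaves the server retransmitting 1500-byte segments that never arrive, which is the intermittent stall the thread describes; lowering the MTU to 1400 simply keeps every packet under the VPN path's limit so the message is never generated.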