 From:  Raylund Lai <raylund dot lai at kankanwoo dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Could someone explain this firewall log
 Date:  Sun, 16 Apr 2006 00:05:41 -0400
Chris Buechler wrote:
> On 4/15/06, Raylund Lai <raylund dot lai at kankanwoo dot com> wrote:
>   
>> Here I got one of the logs from when the user at 70.55.224.22 tried to
>> access my http service.  The server that holds the http is at
>> 192.168.0.21.  I've opened port/nat/server-nat/outbound-nat all together,
>> which were working for about half a year.
>>
>> [X]     16:03:08.498773     WAN     70.55.224.22     192.168.0.21, type unreach/needfrag     ICMP
>>
>
> That was blocked?  ICMP return traffic from an existing state should
> be permitted.  That's an ICMP unreachable, fragmentation needed but DF
> bit set message, it appears.  i.e. your server tried to send a packet
> larger than some MTU along the path to that client machine.

I haven't particularly blocked anything.  I found out this log entry is due 
to the user, who was using a VPN connected to another office and forgot to 
disconnect before browsing to my web service.

> Try lowering your server's MTU to 1400 and see if the problem still
> exists.  Also make sure your m0n0wall's WAN MTU is set correctly for
> your connection.
>   

This really gave me the clue.  :)

I lowered m0n0wall's MTU to 1400 and everything seemed to go back to 
normal.  I hope this is the reason.  Since the problem is intermittent, 
it may not show up for a whole day.

But it's weird that I have no problem at all browsing/downloading from 
the internet behind m0n0wall.  It only happened to users accessing my services 
from outside m0n0wall.

Thanks Chris. :)

Cheers
Raylund

> -Chris
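Chris's point above is that the logged message is an ICMP Destination Unreachable / Fragmentation Needed error (type 3, code 4) that quotes the server's own oversized, DF-set packet, and that a stateful firewall should treat it as return traffic for the existing TCP state rather than block it. The script below is an added illustration, not code from this thread or from m0n0wall: it builds a constructed packet of that kind using the two addresses from the log line, verifies the ICMP checksum, extracts the Next-Hop MTU (RFC 1191) and the quoted inner header, and checks whether the quoted packet belongs to a given firewall state. The client port, IP ID, 1500-byte length and 1400-byte next-hop MTU are all made-up sample values.

```python
import struct
import ipaddress

# Constructed sample: the addresses mirror the m0n0wall log line in the thread,
# but the packet bytes are built here, not captured from anyone's firewall.
SERVER = "192.168.0.21"   # web server behind m0n0wall (from the log line)
CLIENT = "70.55.224.22"   # remote client (from the log line)
ICMP_DEST_UNREACH = 3
ICMP_FRAG_NEEDED = 4      # logged by m0n0wall as "unreach/needfrag"
IP_DF = 0x4000            # IPv4 Don't Fragment flag


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; evaluates to 0 over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, total_len, ident=0, df=False, ttl=64):
    """Minimal 20-byte IPv4 header with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident,
                      IP_DF if df else 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_frag_needed(reporter, victim, next_hop_mtu, orig_prefix):
    """ICMP type 3 / code 4: 16 unused bits, Next-Hop MTU, then the offending
    packet's IP header plus its first 8 transport bytes (RFC 792 / RFC 1191)."""
    icmp = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
                       0, 0, next_hop_mtu) + orig_prefix
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return ipv4_header(reporter, victim, 1, 20 + len(icmp)) + icmp


def parse_frag_needed(packet: bytes) -> dict:
    """Decode an outer IPv4+ICMP frag-needed message and its quoted inner packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:
        raise ValueError("not ICMP")
    icmp = packet[ihl:]
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    typ, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (typ, code) != (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED):
        raise ValueError(f"not frag-needed: type {typ} code {code}")
    inner = icmp[8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    inner_len = struct.unpack("!H", inner[2:4])[0]
    flags = struct.unpack("!H", inner[6:8])[0]
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {
        "reporter": str(ipaddress.IPv4Address(packet[12:16])),
        "victim": str(ipaddress.IPv4Address(packet[16:20])),
        "next_hop_mtu": mtu,
        "inner_src": str(ipaddress.IPv4Address(inner[12:16])),
        "inner_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "inner_proto": inner[9],
        "inner_len": inner_len,
        "df": bool(flags & IP_DF),
        "sport": sport,
        "dport": dport,
    }


def is_return_traffic(report: dict, state: dict) -> bool:
    """True when the quoted packet is the local side of an existing state, which is
    the check a stateful filter such as pf applies before passing an ICMP error."""
    return (report["inner_proto"] == state["proto"]
            and report["inner_src"] == state["local"] and report["sport"] == state["local_port"]
            and report["inner_dst"] == state["remote"] and report["dport"] == state["remote_port"])


def sample_packet() -> bytes:
    # Constructed: the server answered on port 80 with a 1500-byte DF-set segment
    # and a hop on the client's VPN path only carries 1400 bytes.
    orig = ipv4_header(SERVER, CLIENT, 6, 1500, ident=0x1A2B, df=True)
    orig += struct.pack("!HHI", 80, 51234, 1)   # TCP src, dst, seq (first 8 bytes)
    return build_frag_needed(CLIENT, SERVER, 1400, orig)


def demo():
    report = parse_frag_needed(sample_packet())
    state = {"proto": 6, "local": SERVER, "local_port": 80,
             "remote": CLIENT, "remote_port": 51234}
    return report, is_return_traffic(report, state)


if __name__ == "__main__":
    r, ok = demo()
    print(f"{r['reporter']} -> {r['victim']}: needfrag, next-hop MTU {r['next_hop_mtu']}, "
          f"quoted {r['inner_len']}-byte DF packet {r['inner_src']}:{r['sport']} -> "
          f"{r['inner_dst']}:{r['dport']}; matches existing state: {ok}")
```

The oversize in the sample (1500 bytes offered, 1400 accepted) is exactly the gap that lowering the server or WAN MTU to 1400, as suggested in the thread, would close; the same parser also shows why a filter that drops these errors breaks path MTU discovery, since the sender never learns the smaller MTU.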