 From:  Michael Sierchio <kudzu at tenebras dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] MTU fragmentation problem
 Date:  Thu, 30 Aug 2007 01:33:34 -0700
Søren Vanggaard Jensen wrote:

> There's no VLANs defined - nor any pptp tunnels running. This is a simple
> setup with a standard wireless access point (bridging) attached to the lan
> interface and a number of wireless clients.

Irrelevant.

> The MTU on the LAN side is 1440 and the WAN MTU is 1500. 
> 
> When a client tries to get e.g. a webpage the request is sent to the
> webserver. The server replies with IP packages with length 1500.
> 
> From the firewall log, it seems that monowall generates an ICMP
> unreach/needfrag message and tries to send it back to the webserver -
> however it blocks its own message!!!

Well, that's the problem, isn't it?  As I said in my previous email,
you must allow ICMP need-frag error packets outbound.
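
For checking a packet capture against the behaviour discussed in this thread, the following is an added example (not part of the original message) that builds and parses an ICMP unreach/need-frag error as laid out in RFC 1191. The addresses, ports and function names are constructed for illustration; only the 1440 and 1500 byte sizes come from the thread.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_needfrag(next_hop_mtu: int, offending: bytes) -> bytes:
    """ICMP type 3 code 4: type, code, checksum, unused, next-hop MTU,
    then the offending packet's IP header plus its first 8 payload bytes."""
    msg = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + offending
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def parse_needfrag(icmp: bytes):
    """Return (next_hop_mtu, sender, receiver, sender_port), or None if this
    is not a well-formed need-frag error. The port assumes TCP or UDP inside."""
    if len(icmp) < 36 or inet_checksum(icmp) != 0:
        return None
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if (icmp_type, code) != (3, 4) or inner[0] >> 4 != 4 or ihl < 20:
        return None
    if len(inner) < ihl + 8:
        return None
    sender = socket.inet_ntoa(inner[12:16])      # who must receive the error
    receiver = socket.inet_ntoa(inner[16:20])    # client behind the small MTU
    (sender_port,) = struct.unpack("!H", inner[ihl:ihl + 2])
    return mtu, sender, receiver, sender_port

# Constructed sample: a 1500-byte TCP segment with DF set, from a web server
# (192.0.2.80:80) to a LAN client (10.0.0.25), too large for the 1440-byte LAN MTU.
OFFENDING = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 63, 6, 0,
                        socket.inet_aton("192.0.2.80"), socket.inet_aton("10.0.0.25"))
OFFENDING += struct.pack("!HHI", 80, 51000, 1)   # src port, dst port, sequence
SAMPLE = build_needfrag(1440, OFFENDING)

if __name__ == "__main__":
    mtu, sender, receiver, port = parse_needfrag(SAMPLE)
    print(f"need-frag: next-hop MTU {mtu}; must reach {sender} (port {port})")
```

If a capture on the WAN side never shows a message that parses this way while the firewall log shows it being generated, the error is being dropped by the outbound rules.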