Søren Vanggaard Jensen wrote:
> There's no VLANs defined - nor any pptp tunnels running. This is a simple
> setup with a standard wireless accesspoint (bridging) attached to the lan
> interface and a number of wireless clients.

Irrelevant.

> The MTU on the LAN side is 1440 and the WAN MTU is 1500.
>
> When a client tries to get e.g. a webpage the request is sent to the
> webserver. The server replies with IP packages with length 1500.
>
> From the firewall log, it seems that monowall generates an ICMP
> unreach/needfrag message and tries to send it back to the webserver -
> however it blocks its own message!!!

Well, that's the problem, isn't it? As I said in my previous email, you
must allow ICMP need-frag error packets outbound.
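
The failure described in this thread, as an added example that is not part of the original messages and is not m0n0wall code: it builds and parses the ICMP need-frag error (type 3, code 4, with the RFC 1191 next-hop MTU field) and shows what the web server does when an outbound rule drops it. The rule tuples, addresses and ports are constructed for illustration and are not m0n0wall rule syntax.

```python
import socket
import struct

NEEDFRAG = (3, 4)  # ICMP type 3 (unreachable), code 4 (fragmentation needed, DF set)

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_needfrag(next_hop_mtu: int, offending: bytes) -> bytes:
    """RFC 1191 error: 8-byte ICMP header, then IP header + 8 bytes of the dropped packet."""
    quoted = offending[:28]  # assumes a 20-byte IP header (no options)
    body = struct.pack("!HH", 0, next_hop_mtu) + quoted
    csum = checksum(struct.pack("!BBH", *NEEDFRAG, 0) + body)
    return struct.pack("!BBH", *NEEDFRAG, csum) + body

def parse_needfrag(msg: bytes):
    """Return the advertised next-hop MTU, or None if msg is not a valid need-frag error."""
    if len(msg) < 8 or checksum(msg) != 0:
        return None
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", msg[:8])
    return mtu if (icmp_type, code) == NEEDFRAG else None

def outbound_allows(rules, icmp_type, code) -> bool:
    """First-match evaluation of hypothetical (action, type, code) rules; None is a wildcard."""
    for action, r_type, r_code in rules:
        if r_type in (None, icmp_type) and r_code in (None, code):
            return action == "pass"
    return False  # default deny

def server_packet_size(rules, lan_mtu=1440, sent_size=1500) -> int:
    """Size the web server uses after the firewall tries to report the smaller LAN MTU."""
    # Constructed 1500-byte TCP packet with DF set (documentation addresses, made-up ports).
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, sent_size, 1, 0x4000, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    error = build_needfrag(lan_mtu, ip_hdr + struct.pack("!HHI", 80, 40000, 1))
    if not outbound_allows(rules, *NEEDFRAG):
        return sent_size  # error dropped: the server never learns the path MTU
    return min(sent_size, parse_needfrag(error))

# Hypothetical rule sets: the first models the blocking seen in the log, the second the fix.
BLOCK_ALL_ICMP = [("block", None, None)]
ALLOW_NEEDFRAG = [("pass", 3, 4), ("block", None, None)]
```

With `BLOCK_ALL_ICMP` the server keeps sending 1500-byte packets that cannot cross the 1440-byte LAN link; with `ALLOW_NEEDFRAG` it drops to 1440.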