I am allowing ICMP...

I've tried 2 settings:

1) No ICMP rules at all - only a default LAN-WAN rule which allows everything
2) Explicitly allowing ICMP on all interfaces (as the first rule)

This has not made any difference.

BR
/Søren

-----Original Message-----
From: Michael Sierchio [mailto:kudzu at tenebras dot com]
Sent: 30. august 2007 10:34
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] MTU fragmentation problem

Søren Vanggaard Jensen wrote:

> There's no VLANs defined - nor any pptp tunnels running. This is a
> simple setup with a standard wireless accesspoint (bridging) attached
> to the lan interface and a number of wireless clients.

Irrelevant.

> The MTU on the LAN side is 1440 and the WAN MTU is 1500.
>
> When a client tries to get e.g. a webpage the request is sent to the
> webserver. The server replies with IP packages with length 1500.
>
> From the firewall log, it seems that monowall generates an ICMP
> unreach/needfrag message and tries to send it back to the webserver -
> however it blocks its own message!!!

Well, that's the problem, isn't it? As I said in my previous email,
you must allow ICMP need-frag error packets outbound.

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
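
The ICMP unreach/needfrag message discussed in this thread, as an added example that is not part of the original messages: Python code that builds and parses the RFC 1191 Destination Unreachable / fragmentation-needed message (type 3, code 4) for the thread's LAN MTU of 1440 and a 1500-byte reply with DF set. The packet contents, addresses and function names are constructed for illustration.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_need_frag(orig_packet: bytes, next_hop_mtu: int) -> bytes:
    """ICMP type 3 code 4, quoting the original IP header plus 8 payload bytes."""
    ihl = (orig_packet[0] & 0x0F) * 4
    quoted = orig_packet[:ihl + 8]
    header = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)
    csum = checksum(header + quoted)
    return struct.pack("!BBHHH", 3, 4, csum, 0, next_hop_mtu) + quoted

def parse_need_frag(icmp: bytes):
    """Return (next_hop_mtu, resulting TCP MSS), or None if not a valid need-frag."""
    if len(icmp) < 8 + 20 or checksum(icmp) != 0:
        return None  # too short, or checksum does not verify
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    ihl = (icmp[8] & 0x0F) * 4  # header length of the quoted packet
    return mtu, mtu - ihl - 20  # MSS = MTU - IP header - 20-byte TCP header

def sample_server_packet() -> bytes:
    """Constructed 1500-byte TCP/IP reply with DF set (IP checksum left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     bytes([198, 51, 100, 10]), bytes([192, 168, 1, 50]))
    tcp = struct.pack("!HHIIBBHHH", 80, 49152, 1, 1, 0x50, 0x10, 65535, 0, 0)
    return ip + tcp + b"\x00" * (1500 - len(ip) - len(tcp))

if __name__ == "__main__":
    msg = build_need_frag(sample_server_packet(), 1440)
    print(len(msg), parse_need_frag(msg))
```

If this message never reaches the web server, the server keeps sending 1500-byte segments with DF set and the connection stalls, which is why the need-frag error has to be allowed outbound.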