 From:  Søren Vanggaard Jensen <svanggaard at hotmail dot com>
 To:  <kudzu at tenebras dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] MTU fragmentation problem
 Date:  Thu, 30 Aug 2007 10:45:56 +0200
I am allowing ICMP...

I've tried 2 settings:
1) No ICMP rules at all - only a default LAN-WAN rule which allows
everything
2) Explicitly allowing ICMP on all interfaces (as the first rule)

This has not made any difference.

BR




-----Original Message-----
From: Michael Sierchio [mailto:kudzu at tenebras dot com] 
Sent: 30. august 2007 10:34
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] MTU fragmentation problem



> There's no VLANs defined - nor any pptp tunnels running. This is a 
> simple setup with a standard wireless accesspoint (bridging) attached 
> to the lan interface and a number of wireless clients.

Irrelevant.

> The MTU on the LAN side is 1440 and the WAN MTU is 1500. 
> 
> When a client tries to get e.g. a webpage the request is sent to the 
> webserver. The server replies with IP packages with length 1500.
> 
> From the firewall log, it seems that monowall generates an ICMP
> unreach/needfrag message and tries to send it back to the webserver - 
> however it blocks its own message!!!

Well, that's the problem, isn't it?  As I said in my previous email, you
must allow ICMP need-frag error packets outbound.


