 From:  Søren Vanggaard Jensen <svanggaard at hotmail dot com>
 To:  <kudzu at tenebras dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] MTU fragmentation problem
 Date:  Thu, 30 Aug 2007 10:45:56 +0200
I am allowing ICMP...

I've tried 2 settings:
1) No ICMP rules at all - only a default LAN-WAN rule which allows
2) Explicitly allowing ICMP on all interfaces (as the first rule)

This has not made any difference.


-----Original Message-----
From: Michael Sierchio [mailto:kudzu at tenebras dot com] 
Sent: 30. august 2007 10:34
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] MTU fragmentation problem

Søren Vanggaard Jensen wrote:

> There's no VLANs defined - nor any pptp tunnels running. This is a 
> simple setup with a standard wireless access point (bridging) attached 
> to the lan interface and a number of wireless clients.


> The MTU on the LAN side is 1440 and the WAN MTU is 1500. 
> When a client tries to get e.g. a webpage the request is sent to the 
> webserver. The server replies with IP packages with length 1500.
> From the firewall log, it seems that monowall generates an ICMP
> unreach/needfrag message and tries to send it back to the webserver - 
> however it blocks its own message!!!

Well, that's the problem, isn't it?  As I said in my previous email, you
must allow ICMP need-frag error packets outbound.
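
The ICMP error discussed in this thread, as an added example that is not part of the original messages: it builds and parses the type 3 / code 4 "fragmentation needed" message (RFC 1191) that a router with a 1440-byte outgoing link sends for a 1500-byte packet with DF set. The addresses, packet contents and function names are constructed for illustration; only the two MTU values come from the thread.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even- or odd-length buffer."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, total_len: int, df: bool = True) -> bytes:
    """Constructed TCP-in-IPv4 packet with a zero-filled payload (not a capture)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                      0x4000 if df else 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + bytes(total_len - len(hdr))

def needfrag_for(packet: bytes, out_mtu: int):
    """ICMP error a router emits for this packet, or None if it can be forwarded."""
    total_len, = struct.unpack("!H", packet[2:4])
    dont_fragment = struct.unpack("!H", packet[6:8])[0] & 0x4000
    if total_len <= out_mtu or not dont_fragment:
        return None  # fits the outgoing link, or the router may fragment it
    ihl = (packet[0] & 0x0F) * 4
    quoted = packet[:ihl + 8]  # original IP header + first 8 payload bytes
    # type 3 (unreachable), code 4 (need-frag), checksum, unused, next-hop MTU
    msg = struct.pack("!BBHHH", 3, 4, 0, 0, out_mtu) + quoted
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def parse_needfrag(icmp: bytes):
    """Next-hop MTU if icmp is a valid type 3 / code 4 message, else None."""
    if len(icmp) < 8 or checksum(icmp) != 0:
        return None
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    return mtu if (icmp_type, code) == (3, 4) else None

# Constructed sample: a 1500-byte reply arriving on WAN for a client behind
# the 1440-byte LAN link described in the thread.
REPLY = ipv4_packet("192.0.2.10", "198.51.100.7", 1500)
ERROR = needfrag_for(REPLY, 1440)
if __name__ == "__main__":
    print("need-frag next-hop MTU:", parse_needfrag(ERROR))
```

If this message never reaches the sender, the sender keeps transmitting 1500-byte packets that cannot cross the 1440-byte link.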
