I have one monowall, 1.3b9, sitting in front of a webserver.
My test client is behind a router hop that can only do 1024 byte packets
on its backside. Yes it's an odd size but simulates a real world
scenario. 1496 is just as problematic, and what you get with PPPoE.
The story goes:
1) the webserver sends a 1500 byte packet with DontFragment set
2) the router generates an ICMP unreachable, fragmentation required, as
3) It is sniffable on the wan side of the monowall, as expected
4) It is never seen again. Not in the logs, not sniffed on the server,
and not sniffed on the managed lan switch even though the first rule on
wan is a ICMP-any-webserver+log, and the webserver in question sits on a
dmz using globally routable addresses.
Any ideas on getting MTU autodiscovery to work through 1.3b?