News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  General Questions
linktree Topic: packet fragment
Pages: [1]
Topic: packet fragment  (Read 1567 times)
« on: September 18, 2007, 11:56:07 »
mediainno *
Posts: 3
Hi,

my config is very simple, LAN and WAN interfaces are set with private and public IPs respectively. Rules are set to permit all packets, which means from any source to any destination and any protocol. I have enabled allow-fragmented-packet option to let packets get thru' on both LAN and WAN interfaces. No other constraints are enabled.
The problem is, when i do ping from private LAN to outside world with giant packet, e.g.
ping -l 1500  google.com, packets are blocked on WAN interface... neither can any hosts outside to ping into private LAN hosts. I dont think I set any rules to block giant packets or fragmented packets. What could be the problem?? Please help, thank you.
« Reply #1 on: September 18, 2007, 12:02:57 »
mediainno *
Posts: 3
when i ping from outside to inside LAN host using giant packet, only can get fragmented packet at LAN interface, in other words, if a giant packet are fragmented into two small packets, only first small packet can get thru', the 2nd one is somehow discarded by m0n0wall... dont know why....
« Reply #2 on: September 19, 2007, 05:29:48 »
cmb *****
Posts: 851
The default LAN rule blocks fragments. You need to change it to allow them if that's what you desire.
« Reply #3 on: September 19, 2007, 06:04:14 »
mediainno *
Posts: 3
thanks, but i think i have changed the setting to enable fragmented packet pass on both LAN and WAN interfaces..
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines