News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Firewall/NAT
linktree Topic: ICMP fragmentation needed blocked
Pages: [1]
Topic: ICMP fragmentation needed blocked  (Read 1834 times)
« on: August 14, 2011, 21:57:58 »
holroyd *
Posts: 1
Hi,
i've setup a subnet in my home LAN.

- 'public' ie direct connection to the ADSL modem/router 192.168.1.0
- 'private' protected by a m0n0wall

the m0n0wall has DNS forwarding configured so that clients in the subnet can access the internet.

I ran into an MTU problem which was fixed with the workaround of reducing he MTU of the client.

But during the problem analysis i found that the ADSL modem/router was sending back ICMP error 3 / code 4 (fragmentation needed) packets to the m0n0walls WAN. They seem to get blocked. I added an explicit 'pass' rule for all ICMP traffic to be allowed and disabled the 'block private networks' but to no avail. The ICMP packets don't appear in the (firewall) logs as blocked packets either

any help would be appreciated.

cheers,
Michael
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines