Re: [squid-users] Squid and VPN, not working!!!

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Wed, 10 Oct 2001 09:07:27 +1000 (EST)

Hi,

On Tue, 9 Oct 2001, Mark Tinka wrote:

> Our setup is behind a multi-homed Linux firewall server running IP
> Masquerading with IPchains.. we do have ICMP in and outwards enabled,
> so we can ping some other stations on our network... so, I wonder why
> it shouldn't send those "please fragment" packets back out..?..

When you say you "allow ICMP" do you mean *all* ICMP or just "ping"? ICMP
has many codes defined and most of these have subcodes. For instance a
"ping" consists of one machine sending an "echo request" (ICMP code=8/
sub-code=0) and the target responding with an "echo reply" (ICMP 0/0). The
"fragmentation required" packets are ICMP 3/4. Just because you can ping
something doesn't mean all ICMP can get through.

Colin
Received on Tue Oct 09 2001 - 17:08:45 MDT
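
Added example, not part of the original message: a small Python model of the point above, showing that a filter which passes only "ping" still drops the "fragmentation required" message. The packets, the two allow-lists and the function names are constructed for illustration; the code uses the RFC 792 field names "type/code" for what the message calls code/sub-code, and reads the next-hop MTU field defined in RFC 1191.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: int = 0, payload: bytes = b"") -> bytes:
    """Build an ICMP message (used here only to construct sample input)."""
    header = struct.pack("!BBHI", icmp_type, code, 0, rest)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, rest) + payload

def parse_icmp(msg: bytes) -> dict:
    """Parse the 8-byte ICMP header and verify the checksum."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, rest = struct.unpack("!BBHI", msg[:8])
    info = {"type": icmp_type, "code": code}
    if (icmp_type, code) == (3, 4):
        # RFC 1191: the low 16 bits of the second header word carry the next-hop MTU
        info["next_hop_mtu"] = rest & 0xFFFF
    return info

# Hypothetical allow-lists of (type, code) pairs, not real ipchains rules
PING_ONLY = {(8, 0), (0, 0)}
PING_AND_PMTUD = PING_ONLY | {(3, 4)}

def filter_decision(msg: bytes, allowed: set) -> str:
    """Return the verdict a (type, code) allow-list gives for one message."""
    info = parse_icmp(msg)
    return "ACCEPT" if (info["type"], info["code"]) in allowed else "DENY"

# Constructed sample messages
ECHO_REQUEST = build_icmp(8, 0, rest=0x00010001, payload=b"ping-data")
ECHO_REPLY = build_icmp(0, 0, rest=0x00010001, payload=b"ping-data")
FRAG_NEEDED = build_icmp(3, 4, rest=1400, payload=b"\x45" + b"\x00" * 27)

if __name__ == "__main__":
    for name, pkt in [("echo request", ECHO_REQUEST), ("echo reply", ECHO_REPLY),
                      ("frag needed", FRAG_NEEDED)]:
        print(name, parse_icmp(pkt), "ping-only:", filter_decision(pkt, PING_ONLY),
              "ping+pmtud:", filter_decision(pkt, PING_AND_PMTUD))
```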
