thanks for that Collin.. i will look into that and get back to u... thanks..
AKNIT
--- Colin Campbell <sgcccdc@citec.qld.gov.au>
> wrote:
>Hi,
>
>On Tue, 9 Oct 2001, Mark Tinka wrote:
>
>> our setup is behind a multi-homed Linux firewall server running IP
>> Masquerading with IPchains.. we do have ICMP in and outwards enabled,
>> so we can ping some other stations on our network... so, i wonder why
>> it shouldn't send those "please fragment" packets back out..?..
>
>When you say you "allow ICMP" do you mean *all* ICMP or just "ping". ICMP
>has many codes defined and most of these have subcodes. For instance a
>"ping" consists of one machine sending an "echo request" (ICMP code=8/
>sub-code=0) and the target responding with an "echo reply" (ICMP 0/0). The
>"fragmentation required" packets are ICMP 3/4. Just because you can ping
>something doesn't mean all ICMP can get through.
>
>Colin
_____________________________________________________________
Be different Get yourself a Globenetcafe.net email ID
Uganda's Newest internet cafe www.globenetcafe.net
Received on Tue Oct 09 2001 - 23:52:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:39 MST