Date: Fri, 13 Jul 2001 13:31:51 +0200 From: Bohuslav Plucinsky <plk@in.nextra.sk> To: ru@FreeBSD.org Cc: ari@suutari.iki.fi, freebsd-net@FreeBSD.org, freebsd-questions@FreeBSD.org Subject: Re: natd and ICMP 3.4 packets Message-ID: <20010713133151.D4366@in.nextra.sk> In-Reply-To: <20010713135855.A65898@sunbay.com>; from ru@FreeBSD.org on Fri, Jul 13, 2001 at 01:58:55PM %2B0300 References: <20010710110934.D1048@in.nextra.sk> <20010712124152.A80584@sunbay.com> <20010713120211.B4366@in.nextra.sk> <017d01c10b87$b573a4f0$0e05a8c0@coffee> <20010713135855.A65898@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jul 13, 2001 at 01:58:55PM +0300, Ruslan Ermilov wrote: > On Fri, Jul 13, 2001 at 01:36:42PM +0300, Ari Suutari wrote: > > Hi, > > > > Doesn't sound good that IP header with private IP address > > gets sent to internet. - after all, the 195.168.3.210 host on internet knows > > nothing about 10.10.1.2... > > > We have discussed this before with Brian and Charles, and have come > up to an agreement that FIREWALL should block these packets, not NAT. The firewall blocks these packets, but the effect is, that the host 195.168.3.210 never gets the information about different MTU on path. regards, -- ====================================================================== Bohus PLUCINSKY e-mail: plk@in.nextra.sk Network Engineer N E X T R A Plynarenska 1 tel: +421 7 58 228 111 824 71 Bratislava 26 fax: +421 7 58 228 222 S L O V A K I A http://www.nextra.sk ======================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010713133151.D4366>