From owner-freebsd-questions Fri Jul 13 4:31:34 2001 Delivered-To: freebsd-questions@freebsd.org Received: from plk.in.nextra.sk (fw.in.nextra.sk [195.168.29.2]) by hub.freebsd.org (Postfix) with ESMTP id B624B37B403; Fri, 13 Jul 2001 04:31:27 -0700 (PDT) (envelope-from plk@in.nextra.sk) Received: (from plk@localhost) by plk.in.nextra.sk (8.11.2/8.11.2) id f6DBVpp09210; Fri, 13 Jul 2001 13:31:51 +0200 Date: Fri, 13 Jul 2001 13:31:51 +0200 From: Bohuslav Plucinsky To: ru@FreeBSD.org Cc: ari@suutari.iki.fi, freebsd-net@FreeBSD.org, freebsd-questions@FreeBSD.org Subject: Re: natd and ICMP 3.4 packets Message-ID: <20010713133151.D4366@in.nextra.sk> Reply-To: plk@in.nextra.sk References: <20010710110934.D1048@in.nextra.sk> <20010712124152.A80584@sunbay.com> <20010713120211.B4366@in.nextra.sk> <017d01c10b87$b573a4f0$0e05a8c0@coffee> <20010713135855.A65898@sunbay.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010713135855.A65898@sunbay.com>; from ru@FreeBSD.org on Fri, Jul 13, 2001 at 01:58:55PM +0300 Organization: NEXTRA, Bratislava, SLOVAKIA X-NCC-RegID: sk.nextra Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Jul 13, 2001 at 01:58:55PM +0300, Ruslan Ermilov wrote: > On Fri, Jul 13, 2001 at 01:36:42PM +0300, Ari Suutari wrote: > > Hi, > > > > Doesn't sound good that IP header with private IP address > > gets sent to internet. - after all, the 195.168.3.210 host on internet knows > > nothing about 10.10.1.2... > > > We have discussed this before with Brian and Charles, and have come > up to an agreement that FIREWALL should block these packets, not NAT. The firewall blocks these packets, but the effect is, that the host 195.168.3.210 never gets the information about different MTU on path. regards, -- ====================================================================== Bohus PLUCINSKY e-mail: plk@in.nextra.sk Network Engineer N E X T R A Plynarenska 1 tel: +421 7 58 228 111 824 71 Bratislava 26 fax: +421 7 58 228 222 S L O V A K I A http://www.nextra.sk ======================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message