On Mon, Jan 01, 2001 at 11:42:52PM -0600, Frank Knobbe wrote:
> I agree that this ICMP type is important, but isn't it only important
> to my router? I mean, what does my firewall care?
The Fragmentation Needed Message will be send to the Sender of the IP Packet
to instruct him to make the send packates smaller. So, if your firewall is
not able to resize the IP Packets (afaik only application level firewalls
will do that) then you have to pass the masseges through your router and
through your firewall directly to the sending host.
> packet size), and when the router can not transfer it out to the
> Internet and get such an ICMP packet from some other router, then the
> router should fragment the packet and send it on its way, not the
> firewall, or am I missing something? Doesn't fragmentation occur from
> one device to the next?
Yes, fragmentation occurs by the device which is the last one which can
receive the large packet. Normally not your Border Router will have
problems, but a system on the other side of the connection. This System is
complaining to the originator, not to any router earlier in the path. As
long as you use MTU Path Discovery no router anywhere will fragment the
packets. They will drop them and request a resent with the ICMP Message.
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
