Mark Cooke wrote: > > # accept ICMP destination unreachable errors (so that TCP works) > > ipchains -A input -j ACCEPT -p ICMP -s 0/0 destination-unreachable > > You also need to accept things like FRAG_NEEDED so pmtu discovery > works nicely. destination-unreachable is ICMP type 3. fragmentation-needed is ICMP type 3, subtype 4. So, the above rule is sufficient for path MTU discovery. -- Glynn Clements <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to [EMAIL PROTECTED]
- Re: Securing IPMASQ gateway mike
- RE: Securing IPMASQ gateway Manuel A. McLure
- Re: Securing IPMASQ gateway Steve Shah
- RE: Securing IPMASQ gateway Manuel A. McLure
- Re: Securing IPMASQ gateway Steve Shah
- Re: Securing IPMASQ gateway Glynn Clements
- RE: Securing IPMASQ gateway Manuel A. McLure
- Re: Securing IPMASQ gateway Steve Shah
- RE: Securing IPMASQ gateway Glynn Clements
- RE: Securing IPMASQ gateway Mark Cooke
- RE: Securing IPMASQ gateway Glynn Clements
- RE: Securing IPMASQ gateway Mark Cooke
- RE: Securing IPMASQ gateway Manuel A. McLure
- RE: Securing IPMASQ gateway Glynn Clements
