On Sat, 2 Sep 2000, Matti Aarnio wrote:
> On Sat, Sep 02, 2000 at 04:12:04PM +0200, Elmer Joandi wrote:
> ....
> > There is another big problem like that...
> > tunnels actually do not work on todays real internet...
> > MTU 1500 is so much a standard that it starts killing tunnels.
> > MTU < 1500 is not a working solution today thanks to (mostly
> > linux based ? ) broken firewalls
>
> It is due to knee-jerk ICMP blocking settings at firewalls/routers.
[snip]
Yes, this is indeed the primary cause. All of the Linux howtos for
firewalling appear to warn against this. Most of the time I've see this
happen it's been ACLs on a Cisco router. Checkpoint makes it harder to
make this mistake by having normally invisable 'ALLOW' rules for such
traffic (and DNS too).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Sep 07 2000 - 21:00:13 EST