Hi, AFAIK for mtu-discovery ICMP Type 3 Code 4 is needed (Fragmentation needed but DF set). If you allow "destination unreachable" inbound which is Type 3 it should work. regards, Axel Hoffmann System Engineer ---------------------------------------------------------------------- Eckmann Datentechnik Netzwerkservice Telindus GmbH Sylvesterallee 2 D-22525 Hamburg ---------------------------------------------------------------------- Email: [EMAIL PROTECTED] Tel: (+49) 40 54706 195 Fax: (+49) 40 54706 111 ---------------------------------------------------------------------- Please visit our websites http://www.eckmann.de http://www.telindus.de ---------------------------------------------------------------------- -----Urspr�ngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Im Auftrag von D H Gesendet: Donnerstag, 6. Juli 2000 20:24 An: [EMAIL PROTECTED] Betreff: [FW1] icmp service to allow mtu discovery We might be having an MTU discovery problem, and I remember reading about this in the paper at: www.feelabs.com/~whitis/isp_mistakes.html Is there a predefined FW-1 icmp service which allows ICMP "too big" messages so that I can make sure I'm not breaking PMTU discover??? Background info: We have been allowing a customers to ping a server on our site by allowing src=Any, dest=their server, service=icmp "echo-request" and allowing src=Any, dest=Any, service=icmp "echo-reply", "dest-unreach", "time-exceeded". Thanks in advance for your help! -- DH ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
