[MLB-WIRELESS] Firewall rule?
Michael Borthwick
holden at netspace.net.au
Wed Aug 16 16:39:48 EST 2006
On 16/08/2006, at 8:09 AM, Craig Sanders wrote:
> On Tue, Aug 15, 2006 at 07:04:59PM +1000, Jesse McNelis wrote:
>>> Now what I need to know, is it quite ok to deny all requests for
>>> the ICMP packet range? Will it harm any other services that I have
>>> running?
>>
>> Generally it's not a problem. Just remember that you've done it. The
>> most frustrating thing is trying to get two computers to talk over a
>> wireless networking. Using ping to test the connection and not
>> getting
>> replies and not being able to work out why.
>
> wrong. it's more than just frustrating, blocking all ICMP packets is
> brain-damaged.
>
> it breaks, amongst other things, MTU path discovery (which requires
> passage of ICMP Fragmentation Required packets). common symptom of
> this
> is to see small packets (containing e.g. tiny emails, tiny web pages,
> anything that fits entirely in a few hundred bytes) working OK but
> timeout errors on larger packets (e.g. normal web traffic, ftp, email,
> whatever).
sounds like what happens when you get shaped on iburst.
More information about the Melbwireless
mailing list