On Fri, Jul 13, 2001 at 01:58:55PM +0300, Ruslan Ermilov wrote:
> On Fri, Jul 13, 2001 at 01:36:42PM +0300, Ari Suutari wrote:
> > Hi,
> >
> > Doesn't sound good that IP header with private IP address
> > gets sent to internet. - after all, the 195.168.3.210 host on internet knows
> > nothing about 10.10.1.2...
> >
> We have discussed this before with Brian and Charles, and have come
> up to an agreement that FIREWALL should block these packets, not NAT.
The firewall blocks these packets, but the effect is, that the host
195.168.3.210 never gets the information about different MTU on path.
regards,
--
======================================================================
Bohus PLUCINSKY e-mail: [EMAIL PROTECTED]
Network Engineer
N E X T R A
Plynarenska 1 tel: +421 7 58 228 111
824 71 Bratislava 26 fax: +421 7 58 228 222
S L O V A K I A http://www.nextra.sk
=======================================================================
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
