> >
> > Doesn't sound good that IP header with private IP address
> > gets sent to internet. - after all, the 195.168.3.210 host on internet
knows
> > nothing about 10.10.1.2...
> >
> We have discussed this before with Brian and Charles, and have come
> up to an agreement that FIREWALL should block these packets, not NAT.
>
There must be something I don't understand now ? How is the host
on the internet now going to know that smaller MTU is required when
it sends packets to host inside nat'ed network ?
Ari S.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
