Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 08/26/03

  • Next message: Paul Robertson: "Re: [fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"
    To: Carson Gaspar <carson@taltos.org>, firewall-wizards@honor.icsalabs.com
    Date: Tue, 26 Aug 2003 17:22:43 -0400
    
    

    >If an ALG supports transparent proxying, enables PMTUD, and does not intercept ICMP must fragment, the ALG is broken. File a high priority trouble ticket with your vendor.

    If an ALG understands PMTUD and ICMP it's not an ALG, it's a packet
    filter masquerading as a proxy. All that stuff is totally below application
    space.

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Paul Robertson: "Re: [fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"

    Relevant Pages