Re: IP fragmentation problem in the 2.0 kernels ?

H. Peter Anvin (
11 Sep 1997 03:23:48 GMT

Followup to: <>
By author: "David S. Miller" <>
In newsgroup:
> Anyone know how IPv6 handles masquerade/forward/et al?
> (RFC's?) - I've only read up to 1850 (roughly)
> I think in Ipv6, the standards are very stingent about "everybody,
> including routers and all hosts, must play the PMTU discovery game
> correctly or else" Something like that...

Note that a transparent-proxy (a.k.a. transport-layer) firewall causes
packet reassembly, so it will play the PMTU game separately on each
side. A packet filter (a.k.a. network-layer firewall) must pass the
relevant ICMP packets through.

Does anyone have a good list of ICMP and IGMP packets that
should/should not be safely packet filtered? I presume this will be a
list looking something like:

Type FOO can always be filtered out
Type BAR must never be filtered out
Type QUUX must only be filtered for incoming packets for which
<magic_address> is within the inside network


    PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD  1E DF FE 69 EE 35 BD 74
    See for web page and full PGP public key
Always looking for a few good BOsFH.  **  Linux - the OS of global cooperation
        I am Baha'i -- ask me about it or see