Hello all,

I am having a little trouble understanding the
differences between Firewall / Proxy activity on internal / external nets. For
example, I read recently in a book I am going through that one should reconsider
blocking all ICMP traffic for reasons related to fragmentation. I was
wondering, with my current setup, how does this affect packets coming from my
external (internet) interface and packets on my internal network? Based
on what is written, my firewall/router will just drop packets with a too high
MTU without warning the host that sent it, but by using NAT I should think
this should not affect any of my internal hosts communicating with external
hosts… On the other hand, I guess they mean that this will affect
communication on my internal net. Could someone clear this up for me or direct
me to some documents that explain this kind of networking activity in a little
more detail?

My second question is: which ICMP types should be
allowed in to the external interface, if any?

Thanks,
Tim