Subject: Re: SOLVED! The cause of puzzling TCP (eg. WHOIS) connection failures with some InterNIC.net hosts
To: None <tech-net@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: tech-net
Date: 11/21/1998 18:11:07
[ On Sat, November 21, 1998 at 07:46:54 (-0500), Perry E. Metzger wrote: ]
> Subject: Re: SOLVED! The cause of puzzling TCP (eg. WHOIS) connection failures with some InterNIC.net hosts 
>
> Ah, but I think people have to fix the firewalls. Lots and lots of
> machines are doing PMTU discovery. If you filter all ICMP, well, lots
> of connections to you are going to lose, not just ours if you have
> PMTU on.

Sure, people *should* fix their firewalls.  Commercial firewalls
probably shouldn't allow such stupid rules to be imposed in the first
place.

However, the people feeling the pain of broken PMTUD are often not the
administrators of the broken firewalls (or even the direct users of the
broken firewalls).

If indeed PMTUD is not robust by design (e.g. it permits an intermediate
party to cause connections to fail) then the protocol is what really
needs fixing, not the "broken" firewalls.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>