In my organization the default firewall blocks all traffic from clients, which can access the Internet only via proxy. ALL traffic gets blocked, ICMP too. IPv4, so clients get NATted.

Recently I've had to add a 'pinhole' to access an external mail server (SMTP and IMAP), and I've enabled only that TCP port.

AFAIK, congestion avoidance is handled by the firewall, not the internal/NATted host. Because we are suffering some troubles (mostly: random disconnections; tshark displays many duplicated packets), I'm rethinking that, at least as a hypothesis.

Could permitting TCP connections but blocking ICMP (and other protos) from an internal, NATted network to an external site lead to trouble?

Thanks.

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797