From: Marco Gaiarin
Date: Fri, 04 Dec 2015 09:37:58 +0000
Subject: NAT, ICMP filtered, congestion troubles?
Message-Id: <20151204093758.GD3204@sv.lnf.it>
To: lartc@vger.kernel.org

In my organization the default firewall blocks all traffic from clients,
which can access the Internet only via proxy. ALL traffic gets blocked, ICMP
too. IPv4, so clients get NATted.

Recently I've had to add a 'pinhole' to access an external mail server (SMTP
and IMAP), and I've enabled only that TCP port.

AFAIK, congestion avoidance is handled by the firewall, not the
internal/NATted host.

Because we are suffering some troubles (mostly: random disconnections; tshark
displays many duplicated packets), I'm rethinking that, at least as a
hypothesis.

Could permitting TCP connections but blocking ICMP (and other protocols) from
an internal, NATted network to an external site lead to trouble?

Thanks.

-- 
dott. Marco Gaiarin                         GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''         http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it  t +39-0434-842711  f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/25/index.php/component/k2/item/123
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)