[Dshield] A perplexing question

Johannes B. Ullrich jullrich at euclidian.com
Thu Mar 15 00:26:07 GMT 2001

Actually, you can have the gauntlet firewall do the MTU adjustment and
traffic shaping for you if I remember right. I will follow with an
URL once I manage to find it. I remember some University (ksu.edu?)
doing some experiments with a Gauntlet firewall.... If I remember right,
the basic result was that larger MTU's are better. But both links have to be
setup right...

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
Behalf Of John Kimbler
Sent: Wednesday, March 14, 2001 6:14 AM
To: dshield at dshield.org
Subject: [Dshield] A perplexing question

I'd like to use a Packet Shaper to modify the MTU size of the packets that
are sent and received by the clients on my network. My question is this:
Does a Gauntlet (or any) firewall change the MTU values that are negotiated
when a client behind a firewall connects to a destination that is on the
untrusted network (like www.yahoo.com, for example)? Or are the MTU values
negotiated from client to server and maintained, the firewall just acts as a
NAT server and only changes IP addresses? Thanks in advance to all who
respond. Please, if possible, include a url that I can reference for the



Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list