Did something change in the kernel between 2.4.17 and 18 concerning ICMP fragmentation? I've been noticing (and getting complaints from local users) that some web sites are unaccessable. Sounds like the problem of some ISP's / routers not allowing ICMP fragmentation packets. I checked some of my firewalls and the problem appears to show up on kernels 2.4.18 and higher. Anyway, the work around according to kernel documentation is to add this line to the iptables rule set: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ -j TCPMSS --clamp-mss-to-pmtu This does appear to work for clients behind the firewall going to the Net. However, this does not fix the problem for the fw box itself. Anyone else run into this and find a fix? -- John Hawley BGEA / Info Tech Svcs 612.335.1334 jhawley at bgea.org