Subject: NAT and PMTU (was Re: TCP_NODELAY and full links (was Re: sup problems?))
To: None <current-users@netbsd.org>
From: Feico Dillema <dillema@acm.org>
List: current-users
Date: 09/29/1999 13:26:18
On Wed, Sep 29, 1999 at 04:01:13AM +0200, Sean Doran wrote:
> Feico Dillema writes:
> 
> | Am I right to conclude that it is safe or at least reasonable to have
> | PMTU disc. switched on for a server not directly behind such a
> | blackhole? How about clients behind such a blackhole? Will they be
> | blocked?
> 
> It's reasonable, yes, but there are risks.
> 
> Below I use client and server although really it's TCP sender and
> TCP receiver in each case; TCP does not care about clients and servers
> per se.

Thanks for the detailed explanation. I have one question left,
concerning the combination of NAT and PMTU. PMTU doesn't seem
to work through a NAT-box, in effect causing a black hole.

Here's the setup that doesn't work:

192.168.1.2 <= gif tunnel MTU=1280 => 10.0.0.204 <= MTU=1500 =>
NAT Box <= MTU=1500 => server (PMTU enabled machine)

In this setup the machine with address 10.0.0.204 sends ICMP
`192.168.1.2 needs fragmentation' to the server. The NAT box
doesn't translate the IP address in this ICMP message, causing
the server not to recognize it. Can NAT be configured to make this
work, and if not, could NAT be changed to deal with this without
problems?

Feico.
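An added illustration of the black hole described in this message (example code written for this page, not from the thread and not NetBSD's ipnat): a server's TCP matches an ICMP "fragmentation needed" error to a connection by the addresses and ports quoted in the ICMP payload, so if the NAT box rewrites only the outer header, the quoted destination is still the inside address and the error is dropped. Rewriting the quoted header as well is what NAT implementations that handle ICMP errors do (later codified in RFC 5508). The addresses 192.168.1.2, 10.0.0.204 and the tunnel MTU 1280 are from the message; the server address 203.0.113.10 and NAT outside address 198.51.100.1 are constructed. The Nat and ServerTcp classes are toy models written for this example.

```python
"""PMTU through NAT: why an untranslated ICMP error becomes a black hole (constructed example)."""
import socket
import struct

ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED = 3, 4
SERVER = "203.0.113.10"        # constructed: public server (PMTU-enabled)
NAT_OUTSIDE = "198.51.100.1"   # constructed: NAT box's public address
CLIENT_INSIDE = "192.168.1.2"  # from the thread: host behind the gif tunnel
ROUTER = "10.0.0.204"          # from the thread: tunnel endpoint, next-hop MTU 1280
TUNNEL_MTU = 1280


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 when data already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header, DF set, with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def set_addr(pkt: bytes, offset: int, new_addr: str) -> bytes:
    """Rewrite source (offset 12) or destination (offset 16) of the header at byte 0 and fix its checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    hdr = bytearray(pkt[:ihl])
    hdr[offset:offset + 4] = socket.inet_aton(new_addr)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]


def tcp_stub(sport: int, dport: int, seq: int) -> bytes:
    """The 8 bytes of TCP header an ICMP error must quote: ports and sequence number."""
    return struct.pack("!HHI", sport, dport, seq)


def frag_needed(router: str, to: str, next_hop_mtu: int, quoted: bytes) -> bytes:
    """IP + ICMP type 3 code 4 (RFC 1191) quoting the original datagram's header."""
    body = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, next_hop_mtu) + quoted
    icmp = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return ipv4_header(router, to, 1, 20 + len(icmp)) + icmp


def parse_frag_needed(pkt: bytes):
    """Return (outer_src, mtu, quoted_src, quoted_dst, quoted_proto, sport, dport), or None if not a valid error."""
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:]
    if pkt[9] != 1 or checksum(icmp) != 0 or icmp[:2] != bytes([ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED]):
        return None
    inner = icmp[8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return (socket.inet_ntoa(pkt[12:16]), struct.unpack("!H", icmp[6:8])[0],
            socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]), inner[9], sport, dport)


class Nat:
    """Toy NAT: static inside->outside mappings plus masquerading for other inside sources."""
    def __init__(self, mappings: dict, external: str):
        self.mappings, self.external = mappings, external

    def forward_out(self, pkt: bytes, translate_quoted: bool) -> bytes:
        ihl = (pkt[0] & 0x0F) * 4
        pkt = set_addr(pkt, 12, self.mappings.get(socket.inet_ntoa(pkt[12:16]), self.external))
        icmp = pkt[ihl:]
        if translate_quoted and pkt[9] == 1 and icmp[0] == ICMP_DEST_UNREACH:
            quoted = icmp[8:]
            q_dst = socket.inet_ntoa(quoted[16:20])
            if q_dst in self.mappings:  # undo the inbound translation on the quoted header
                quoted = set_addr(quoted, 16, self.mappings[q_dst])
                body = icmp[:2] + b"\x00\x00" + icmp[4:8] + quoted
                icmp = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
        return pkt[:ihl] + icmp


class ServerTcp:
    """Toy TCP: per-connection PMTU keyed by (local, remote, lport, rport), as looked up on ICMP errors."""
    def __init__(self, addr: str):
        self.addr, self.pmtu = addr, {}

    def connect(self, remote: str, lport: int, rport: int, mtu: int = 1500):
        self.pmtu[(self.addr, remote, lport, rport)] = mtu

    def handle_icmp(self, pkt: bytes) -> bool:
        parsed = parse_frag_needed(pkt)
        if parsed is None:
            return False
        _, mtu, q_src, q_dst, proto, sport, dport = parsed
        key = (q_src, q_dst, sport, dport)
        if proto != 6 or key not in self.pmtu:
            return False  # no matching connection: the error is silently dropped
        self.pmtu[key] = min(self.pmtu[key], mtu)
        return True


def simulate(translate_quoted: bool) -> int:
    """Run the scenario once; return the server's PMTU estimate for its connection to the client."""
    server = ServerTcp(SERVER)
    server.connect(NAT_OUTSIDE, lport=80, rport=40000)
    # The server's 1500-byte segment as it looks past the NAT (dst already rewritten to the inside address).
    quoted = ipv4_header(SERVER, CLIENT_INSIDE, 6, 1500) + tcp_stub(80, 40000, 1)
    # 10.0.0.204 cannot fit it into the 1280-byte tunnel and reports back to the server.
    icmp_err = frag_needed(ROUTER, SERVER, TUNNEL_MTU, quoted)
    delivered = Nat({CLIENT_INSIDE: NAT_OUTSIDE}, NAT_OUTSIDE).forward_out(icmp_err, translate_quoted)
    server.handle_icmp(delivered)
    return server.pmtu[(SERVER, NAT_OUTSIDE, 80, 40000)]


if __name__ == "__main__":
    print("PMTU, outer header only translated:", simulate(False))  # 1500: black hole
    print("PMTU, quoted header also translated:", simulate(True))  # 1280
```

The first run models the message's setup: the server receives an error whose quoted destination is 192.168.1.2, finds no connection to that address and keeps sending 1500-byte segments that never arrive. The second run has the NAT box map the quoted destination back to the address the server actually used, and the server's PMTU drops to the tunnel MTU.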