Subject: Re: Lower MTU behind NAT
To: Feico Dillema <>
From: None <>
List: current-users
Date: 02/05/2001 07:38:12
>I have a bit of a problem with NAT and ICMP and haven't been able to
>find the answer in the ipfilter documentation. I hope you can give me
>a hint whether and how this can be fixed. I have the following setup:
>client <=> gif tunnel MTU=1280 <==> NAT <==> Outside world
>Problem is that TCP connections to servers using PMTU discovery fail
>as the internal IP-addresses in ICMP messages do not get translated.
>The NAT machine sends out ICMP mesgs like:
>17:35:40.185184 > icmp: unreachable - need to frag (mtu 1280) (ttl 255, id 35140)
>Rewriting these addrs in ICMP msg is maybe not perfectly correct, but
>it would make my setup work. So, I'd like to know whether there's some
>rule I can add for this.

	NAT = ipnat (in ipfilter)?
	then, this should be the same problem as PR 10993.  not sure
	if recent ipfilter corrects it or not.