Subject: Re: Lower MTU behind NAT
To: Feico Dillema <firstname.lastname@example.org>
From: None <email@example.com>
Date: 02/05/2001 07:38:12
>I have a bit of a problem with NAT and ICMP and haven't been able to
>find the answer in the ipfilter documentation. I hope you can give me
>a hint whether and how this can be fixed. I have the following setup:
>client <=> gif tunnel MTU=1280 <==> NAT <==> Outside world
>Problem is that TCP connections to servers using PMTU discovery fail
>as the internal IP-addresses in ICMP messages do not get translated.
>The NAT machine sends out ICMP mesgs like:
>17:35:40.185184 220.127.116.11 > 18.104.22.168: icmp: 10.1.1.2 unreachable - need to frag (mtu 1280) (ttl 255, id 35140)
>Rewriting these addrs in ICMP msg is maybe not perfectly correct, but
>it would make my setup work. So, I'd like to know whether there's some
>rule I can add for this.
NAT = ipnat (in ipfilter)?
Then, this should be the same problem as PR 10993. Not sure
if recent ipfilter corrects it or not.
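
Added example, not part of the original message and not ipfilter code: a sketch of the translation the question asks for, rewriting the internal address inside the IP header quoted by an ICMP "need to frag" message and recomputing both the quoted IP header checksum and the ICMP checksum. The function names and the addresses 198.51.100.7 (server) and 203.0.113.1 (NAT public address) are assumptions; only 10.1.1.2 and MTU 1280 come from the post.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 over data with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, total_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, proto,
                      0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

def need_frag(quoted: bytes, mtu: int) -> bytes:
    """ICMP type 3 code 4: checksum, 2 unused bytes, next-hop MTU, quoted packet."""
    msg = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def translate_quoted(icmp: bytes, internal: str, public: str) -> bytes:
    """Replace the internal address in the quoted IP header, fixing both checksums."""
    if len(icmp) < 28 or icmp[:2] != b"\x03\x04":
        return icmp                      # not need-frag, or quoted header truncated
    ihl = (icmp[8] & 0x0F) * 4
    if ihl < 20 or len(icmp) < 8 + ihl:
        return icmp
    out = bytearray(icmp)
    old, new = socket.inet_aton(internal), socket.inet_aton(public)
    for off in (8 + 12, 8 + 16):         # quoted source and destination fields
        if out[off:off + 4] == old:
            out[off:off + 4] = new
    out[18:20] = b"\x00\x00"             # quoted IP header checksum
    out[18:20] = struct.pack("!H", inet_checksum(bytes(out[8:8 + ihl])))
    out[2:4] = b"\x00\x00"               # ICMP checksum covers the whole message
    out[2:4] = struct.pack("!H", inet_checksum(bytes(out)))
    return bytes(out)

# Constructed sample: server 198.51.100.7 sent a DF packet that NAT had already
# rewritten to the internal client 10.1.1.2 (address from the post) before the
# MTU 1280 tunnel rejected it. 203.0.113.1 stands in for the NAT's public address.
QUOTED = ipv4_header("198.51.100.7", "10.1.1.2", 6, 1500) + struct.pack("!HHI", 80, 40000, 1)
BEFORE = need_frag(QUOTED, 1280)
AFTER = translate_quoted(BEFORE, "10.1.1.2", "203.0.113.1")

if __name__ == "__main__":
    for label, pkt in (("before", BEFORE), ("after", AFTER)):
        print(label, socket.inet_ntoa(pkt[24:28]), "mtu", struct.unpack("!H", pkt[6:8])[0])
```

A sender matches an ICMP error to a connection using the quoted header, so an untranslated internal address there means the error matches nothing and the path MTU is never lowered.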