Subject: Re: can't raise in kernel pppoe0 with mtu > 1460
To: Martin Husemann <martin@duskware.de>
From: Carl Brewer <carl@bl.echidna.id.au>
List: tech-net
Date: 03/22/2005 19:30:32
Martin Husemann wrote:
> On Tue, Mar 22, 2005 at 06:59:07PM +1100, Carl Brewer wrote:
> 
>>Is there some reason why you're blocking the ICMP
> 
>                            ~~~
> 
> 
>>type 3 code 4 packets?  See :
>>
>>http://www.phildev.net/mss/mss-filter.html
> 
> 
> I might have missed something, was there evidence that *he* is doing that?

[quote]
The reason why this is a problem is that Windows clients
(running WinXP or Win98SE) behind a NetBSD NAT firewall are unable to
use Windows Update or down load large files from some websites.  In my
/etc/ipnat.conf:
[end quote]

The winxp boxes on my LAN here behind my NAT firewall (which
does allow icmp 3/4) have no problems with accessing windows update
through a PPPoE interface.  Same with all the client sites that
I have NBSD IPF firewalls at.  This is some 7 or 8
different ISPs and DSL routers.

So, it's possible to suggest that there may be a more strident
firewall causing the problem, and clamping is probably
not necessary.  Unless, as you suggest, there's some braindead
transparent proxy somewhere, but that's again, possibly on the
other side of the firewall.

But you're right, it's possible that Alicia isn't the one
blocking the ICMP, in which case my assumtion is incorrect,
but at least they now have a reference to pass on upstream
if indeed this turns out to be a problem somewhere else,
especially if it's some broken Firewall-nONE VPN .. urghhhh