RE: PMTU Discovery - Does it work?

From: John Smith
Date: Sat May 24 2008 - 10:15:56 EST





> From: ecki@xxxxxxxxxxxx
> To: linux-net@xxxxxxxxxxxxxxx
> Subject: Re: PMTU Discovery - Does it work?
> Date: Thu, 22 May 2008 20:08:52 +0200
>
---SNIP SNIP----

I went back and did a little reading of the RFCs, the kernel network code (icmp.c and ip.c) and looked at the packet captures again.

I now believe that the problem is that the firewall (SonicWall) is not re-writing the addresses in the header within the ICMP 'Fragmentation Required' message as required for a NAT in RFC 1631. The server in the DMZ has a private address (172.16...); the external interface is (66....). It looks like the ip.c code checks for a match on the source address of the header within the packet. Of course the address doesn't match.

I'm waiting for the IT folks to figure out how to make that work on the firewall to conclude the experiment.

Thanks for the help!

snafu
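
The mismatch described in the message above can be checked directly against a captured packet. The following is an added example, not part of the original post and not kernel code: it parses an ICMP type 3 code 4 message and compares the source address of the quoted IP header with the host's own addresses, as a simplified model of the check the poster describes. All addresses, the `diagnose` labels and the helper names are constructed for illustration.

```python
import socket
import struct

def ipv4_header(src, dst, proto, total_len):
    """Build a 20-byte IPv4 header (checksum left 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_frag_needed(outer_src, outer_dst, inner_src, inner_dst, mtu):
    """Constructed ICMP type 3 code 4 packet quoting a TCP segment's header."""
    inner = ipv4_header(inner_src, inner_dst, 6, 1500) + bytes(8)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner
    return ipv4_header(outer_src, outer_dst, 1, 20 + len(icmp)) + icmp

def parse_frag_needed(packet):
    """Return outer/embedded addresses and next-hop MTU, or None if not 3/4."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack_from("!BBHHH", packet, ihl)
    if (icmp_type, code) != (3, 4):
        return None
    inner = packet[ihl + 8:]  # quoted header of the packet that was too big
    return {
        "outer_dst": socket.inet_ntoa(packet[16:20]),
        "inner_src": socket.inet_ntoa(inner[12:16]),
        "inner_dst": socket.inet_ntoa(inner[16:20]),
        "next_hop_mtu": mtu,
    }

def diagnose(packet, local_addrs):
    """Classify the message by whether the quoted source is a local address."""
    info = parse_frag_needed(packet)
    if info is None:
        return "not-frag-needed"
    if info["inner_src"] in local_addrs:
        return "usable"
    if info["outer_dst"] in local_addrs:
        return "embedded-header-not-translated"
    return "not-for-this-host"

# Constructed sample addresses (documentation ranges plus a 172.16 host).
SERVER_PRIVATE, SERVER_PUBLIC = "172.16.0.10", "203.0.113.5"
ROUTER, CLIENT = "198.51.100.1", "192.0.2.77"
BROKEN = build_frag_needed(ROUTER, SERVER_PRIVATE, SERVER_PUBLIC, CLIENT, 1400)
FIXED = build_frag_needed(ROUTER, SERVER_PRIVATE, SERVER_PRIVATE, CLIENT, 1400)

if __name__ == "__main__":
    for name, pkt in (("broken NAT", BROKEN), ("correct NAT", FIXED)):
        print(name, diagnose(pkt, {SERVER_PRIVATE}), parse_frag_needed(pkt))
```

To use it on real traffic, feed `diagnose` the raw IPv4 bytes of each ICMP packet from a capture taken on the server behind the NAT, with that server's configured addresses as `local_addrs`.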
