IP masquerading: what is ``need to frag''?

raju@dontpanic.indiagate.com
12 May 96 15:49:00 +0630


* From: raju@dontpanic.indiagate.com (Raj Mathur)
* Reply-To: raju@dontpanic.indiagate.com
* To: linux-net@vger.rutgers.edu

Hi, Fellow Linuxers,

Recently setup IP masquerading on our newly-acquired Internet link.
The setup is:

My machine --> Router --> Internet
202.41.30.252 202.41.31.247

So the router (202.41.31.247) is masquerading as my machine
(202.41.30.252) for the rest of the 'Net.

Most things (including DNS) go through OK. However, the 2 FTP sites I
tried (sunsite.unc.edu and ftp.cdrom.com) as well as a couple of WWW
sites (lod.com for e.g.) give hung connections. The FTP sites hang
after the ``Port command successful'' for a DIR and the WWW sites hang
after establishing connection.

On doing a tcpdump on the WAN interface on the router I found a
message akin to this when the connection was about to hang:

202.41.31.247 -> sunsite.unc.edu: 202.41.30.252 icmp host
unreachable: need to frag

Does anyone have any ideas?

Router config:

486 DX/2, 8mb, Linux 1.3.89 with firewalling, forwarding,
masquerading, aliasing enabled. (Forwarding required since it actually
_is_ a router for 4 other WAN interfaces).

WAN interfaces: all mtu 1006, SLIP
Eth interface: mtu 1500

Any help appreciated.

-- Raju

-- 
Raj Mathur        Don't Panic! BBS           New Delhi           India
  PGP: Fingerprint: F2 D4 4A 21 27 B0 63 FF  15 97 9D AE 9D 40 BC B8
       2.6.i Key: finger raju@arbornet.org or ask a key server.
                      It is the mind that moves.

--- FIDOGATE 3.9.7 -=- | Fidonet : raju 6:606/49 | Internet : raju@dontpanic.indiagate.com | More info : info@indiagate.com | Our Page http://www.indiagate.com +----------------------------------------------------------------------- | Indiagate - The Fidonet-Internet Gateway to India | Across 8 cities, includes over 20 BBSes, connects more than 3000 people +-----------------------------------------------------------------------