 From:  Kasper Pedersen <m0n0list dash kkp2 at kasperkp dot dk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  ICMP frag needed getting lost / MTU autodiscovery trouble
 Date:  Wed, 02 Jul 2008 01:11:05 +0200
I have one monowall, 1.3b9, sitting in front of a webserver.
My test client is behind a router hop that can only do 1024 byte packets 
on its backside. Yes, it's an odd size but simulates a real-world 
scenario. 1496 is just as problematic, and what you get with PPPoE.

The story goes:
1) the webserver sends a 1500 byte packet with DontFragment set
2) the router generates an ICMP unreachable, fragmentation required, as 
3) It is sniffable on the wan side of the monowall, as expected
4) It is never seen again. Not in the logs, not sniffed on the server, 
and not sniffed on the managed lan switch even though the first rule on 
wan is an ICMP-any-webserver+log, and the webserver in question sits on a 
dmz using globally routable addresses.

Any ideas on getting MTU autodiscovery to work through 1.3b?
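
For checking a capture like the one taken in step 3, the following decodes an ICMP type 3 code 4 message and the original IP header quoted inside it, which are the fields that tie the error back to the webserver's connection. This is an added example, not part of the original post; the addresses, ports and the `build_frag_needed` sample packet are constructed for illustration.

```python
import ipaddress
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (padded to an even length)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, total_len, df=False):
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000 if df else 0,
                      64, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def build_frag_needed(router, server, client, mtu):
    """Constructed sample of the step 2 message: router -> webserver."""
    # Quoted original: the server's 1500-byte DF packet plus 8 bytes of TCP header.
    inner = ipv4_header(server, client, 6, 1500, df=True) + struct.pack("!HHI", 80, 40000, 1)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return ipv4_header(router, server, 1, 20 + len(icmp)) + icmp

def parse_frag_needed(packet: bytes):
    """Return the fields of an ICMP 'fragmentation needed' packet, else None."""
    if len(packet) < 20 or packet[9] != 1:          # too short or not ICMP
        return None
    icmp = packet[(packet[0] & 0x0F) * 4:]
    if len(icmp) < 36:                              # 8 ICMP + 20 IP + 8 transport
        return None
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4) or checksum(icmp) != 0:
        return None
    inner = icmp[8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    if len(inner) < inner_ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {
        "reporter": str(ipaddress.IPv4Address(packet[12:16])),
        "next_hop_mtu": mtu,                        # RFC 1191 field
        "orig_src": str(ipaddress.IPv4Address(inner[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "orig_df": bool(struct.unpack("!H", inner[6:8])[0] & 0x4000),
        "orig_proto": inner[9],
        "orig_ports": (sport, dport),
    }
```

The outer source is the reporting router, not the client, so a capture filter or log search keyed only on the client's address will not show this packet.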