/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */

Brian Servis <[EMAIL PROTECTED]> wrote:
>
> > In your /etc/ppp/options, add "mtu 1500", and "mru 1500" probably
> > wouldn't hurt either.
>
> Just for reference can you point to a document that talks about the
> mtu/mru compatibility requirements between two network interfaces.

As I was typing up the answer, it occurred to me that my feeble brain has forgotten exactly why this bug comes up.

It has something to do with a TCP issue called "Path MTU discovery." A client will send a packet that is as large as its local interface's MTU. Your masq box knows that its PPP interface has an MTU of 552, so it sends packets no larger than that, and they work.

Your masq'd client, though, only has an ethernet interface, and doesn't know about the narrower PPP interface on the masq box. It sends a packet with a size of 1500, and your masq box must fragment the packet in order to send it on. That's fine, too.

However, in "Path MTU Discovery," a client sends a packet with the "DF" (Don't Fragment) bit set in the headers. When the masq box gets a packet like this, it is supposed to send an ICMP message back to the sender, saying "Your packet was too large, try this size (552) instead." The sender then retries, having discovered the MTU for that segment of the path.

Now the issue starts to get hairy. Some people think that the bug is in the masq code, and that the ICMP message either gets sent to the wrong place, or dropped altogether.

Other people think the bug is in the PPP server, on the other side of the link, where you can't see it. They think that there is a broken server preventing large packets from being fragmented or reported back to the sender.
Still other people think that the bug is in the network configuration of the distant WWW server's network, where a paranoid network administrator has set up a tight firewall that repels ALL ICMP messages, including the ones from your ISP's PPP server, which would tell it "Hey, you're sending Don't-Fragment packets that are too big!"

Since nobody knows where the issue is, and there's a lot of possible blame to throw around, the problem remains unsolved to this day.

More armchair network administration from yours truly,

-- 
[EMAIL PROTECTED] (Fuzzy Fox)      || "Good judgment comes from experience.
sometimes known as David DeSimone  ||  Experience comes from bad judgment."
http://www.dallas.net/~fox/        ||                     -- Life Lessons
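
A small model of the Path MTU discovery exchange described in the message above, added here as an illustration; it is not part of the original post or of the masq code. The hop names, the 1500/552 sample path and the `icmp_blocked` switch (standing in for a filter that drops all ICMP before it reaches the sender) are assumptions of the example.

```python
# Added illustration: a toy model, not real packet handling.
# SAMPLE_PATH is constructed: (hop name, MTU of the link it forwards onto).
SAMPLE_PATH = [("client ethernet", 1500), ("masq box ppp0", 552)]

def forward(path, size, df):
    """Carry one packet of `size` bytes along `path`.
    Returns (True, None) if it arrives, or (False, link_mtu) when a hop
    drops it and answers with ICMP "fragmentation needed" (type 3, code 4)."""
    for _name, mtu in path:
        if size <= mtu:
            continue
        if df:
            return False, mtu   # DF set: may not fragment, report link MTU
        size = mtu              # DF clear: fragment; pieces now fit this link
    return True, None

def pmtu_discover(path, size, icmp_blocked=False, max_tries=4):
    """Sender side of Path MTU discovery (every packet has DF set).
    icmp_blocked models a filter that discards all ICMP sent to the sender.
    Returns (size that got through or None, log of attempts)."""
    log = []
    for _ in range(max_tries):
        delivered, hint = forward(path, size, df=True)
        if delivered:
            log.append(f"{size}: delivered")
            return size, log
        if icmp_blocked:
            # The error never arrives, so the sender retransmits unchanged.
            log.append(f"{size}: lost, no ICMP seen, retrying same size")
            continue
        log.append(f"{size}: ICMP frag-needed, retrying with {hint}")
        size = hint
    return None, log

if __name__ == "__main__":
    for blocked in (False, True):
        result, log = pmtu_discover(SAMPLE_PATH, 1500, icmp_blocked=blocked)
        print(f"icmp_blocked={blocked}: usable size = {result}")
        for entry in log:
            print("   ", entry)
```

In this model, giving the second hop an MTU of 1500 makes the first packet fit, so the outcome no longer depends on whether the ICMP error gets through.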
