\begin{Crossfire}
> [EMAIL PROTECTED] was once rumoured to have said:
> >      I just figured out why my router wouldn't work. The MTU of the external
> > interface was 1472 (I set that) and I read the thing about IP_masq code not
> > liking non-fragmented packets.. So just a quick couple of questions..
> 
> Uh?

dude, he's right, the masqing code in every OS (except maybe
iptables? *) needs to defragment the packets first.

this isn't the problem here, as the packet would be defragmented (on
the router), then munged by masquerading code, then fragmented again
as soon as it needs to be sent out a too-small interface.


(*) i remember rusty making some claim that he could do this, and they
scared me.


> > 1) Isn't it faster if it doesn't have to fragment the packet?? as 1472 is the
> > MTU of the next hop out to the net.
> 
> Yes, this is what PMTU discovery is about.
> 
> In fact, I'll be sure to include a bit about PMTU discovery in my
> talk, and why you don't block all ICMP... ever.

see my posts from a few months ago. telstra cable (i'm assuming pppoe
from the 1492 MTU) ignores DF and fragments anyway (after a 2 minute
delay). naturally they weren't interested in knowing about it (even
during the alleged "trial").

you want the "-m" option to rp-pppoe to fool PMTU into starting from
1492, rather than 1500 (it rewrites the MSS value).
(if you're using debian potato, you'll need a newer pppoe package)


> When employing NAT, packets HAVE to be defragmented before they can be
> relayed from the real world into the NAT again.  This is as fragmented
> packets won't contain destination and source port numbers which are
> required in order to route the packet to their proper destination.
> (Remember, IP does the fragmenting, not UDP or TCP - and only UDP and
> TCP contain the port numbers, so the first fragment should contain
> this information, but subsequent fragments won't).

sorry, hadn't read this far before writing above

-- 
 - Gus

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
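
An added illustration of the point discussed in the thread above (not part of either poster's message): it fragments one UDP datagram for a 1472-byte MTU and shows that only the offset-0 fragment carries port numbers, so a NAT has to reassemble or track fragments by (source, destination, protocol, IP ID). The addresses, ports, IP ID and function names are constructed for this sketch.

```python
import struct

def ipv4_header(src, dst, proto, ident, payload_len, off_units, more):
    flags_frag = (0x2000 if more else 0) | off_units   # MF flag + offset in 8-byte units
    # Header checksum is left as 0: this sketch only inspects fields, it never sends.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, 64, proto, 0, src, dst)

def fragment(src, dst, proto, ident, l4_bytes, mtu):
    """Split one transport datagram into IPv4 fragments that fit in `mtu`."""
    step = (mtu - 20) // 8 * 8      # every non-final fragment carries a multiple of 8 bytes
    frags = []
    for off in range(0, len(l4_bytes), step):
        chunk = l4_bytes[off:off + step]
        more = off + step < len(l4_bytes)
        frags.append(ipv4_header(src, dst, proto, ident, len(chunk), off // 8, more) + chunk)
    return frags

def classify(packets):
    """Per packet, report (offset, ports, how): ports come from the header only at offset 0."""
    seen = {}                       # (src, dst, proto, ident) -> ports learned from fragment 0
    out = []
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4
        ident, flags_frag = struct.unpack("!HH", pkt[4:8])
        key = (pkt[12:16], pkt[16:20], pkt[9], ident)
        offset = (flags_frag & 0x1FFF) * 8
        if offset == 0:             # first fragment: the UDP/TCP header is present
            seen[key] = struct.unpack("!HH", pkt[ihl:ihl + 4])
            out.append((offset, seen[key], "header"))
        else:                       # later fragment: payload only, no ports on the wire
            out.append((offset, seen.get(key), "tracked" if key in seen else "unknown"))
    return out

def sample_fragments():
    """Constructed sample: a 3000-byte UDP payload sent across a 1472-byte MTU link."""
    src, dst = bytes([192, 168, 0, 10]), bytes([203, 0, 113, 5])   # private / TEST-NET-3
    udp = struct.pack("!HHHH", 40000, 53, 8 + 3000, 0) + b"\xaa" * 3000
    return fragment(src, dst, 17, 0x1234, udp, 1472)

if __name__ == "__main__":
    frags = sample_fragments()
    for label, order in (("in order", frags), ("reversed", frags[::-1])):
        print(label)
        for row in classify(order):
            print("  offset=%d ports=%s via %s" % row)
```

When the fragments arrive reversed, the later ones show up before the port-bearing first fragment and cannot be mapped to a connection until it arrives, which is why the router buffers and reassembles before translating.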
