Re: Path MTU Problem

Hash: SHA1

_lion_2000@xxxxxxx <_lion_2000@xxxxxxx> wrote:

Hi, i have a FreeBSD 6.3, fresh install. It is in the corporate
network and i can't use any tcp network service on that machine from
any other, which is behind cisco routers with tunnels.

This is a classic PMTU Discovery problem.

Well, not all services, but some, when large packets are sent from
that box. After some investigation i found, what router sends ICMP
Frag packets to that box, but it doesn't reduce packets size and keep
sending large packets:

Is it possible that you have PF or IPFW filter rules in place that drop
ICMP? Just because tcpdump shows you the frame arrived at your system,
does not mean that it was "seen" by the kernel.

here comes icmp frag packets. strange what sometimes tcpdump complains about
tcp header in icmp packet and sometimes not

The reason for this complaint is that frag_needed packets return a
portion of the original IP frame back to the sender, but the number of
bytes is not sufficient to see the entire TCP header. However, there is
enough to see the src/dest IP's and src/dest port numbers, as tcpdump
shows you. But tcpdump cannot decode past the end of the returned
frame, so it shows an error.

- --
David DeSimone == Network Admin == fox@xxxxxxxxx
"This email message is intended for the use of the person to whom
it has been sent, and may contain information that is confidential
or legally protected. If you are not the intended recipient or have
received this message in error, you are not authorized to copy, dis-
tribute, or otherwise use this message or its attachments. Please
notify the sender immediately by return e-mail and permanently delete
this message and any attachments. Verio, Inc. makes no warranty that
this email is error or virus free. Thank you." --Lawyer Bot 6000
Version: GnuPG v1.4.1 (GNU/Linux)

freebsd-net@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"