Date: Sun, 17 Sep 2000 12:48:11 -0700 (PDT)
From: John F Cuzzola <vdrifter@ocis.ocis.net>
To: freebsd-security@FreeBSD.ORG
Subject: MTU Path Discovery + ipfw/natd
Message-ID: <Pine.LNX.4.21.0009171237090.24790-100000@ocis.ocis.net>
Hello Everyone,

I have a question on why something works. Suppose I have a private net that a BSD box is masquerading for like this:

    ROUTER ----------- FreeBSD Box --------- Private Net 192.168.0.0/24

Let's suppose the BSD box is masquerading through a public IP of 209.52.173.1.

My question has to do with MTU Path Discovery. Suppose a computer 192.168.0.1 sends a packet with the don't-fragment bit set. This packet's source address gets changed to 209.52.173.1 and it is sent to the next hop (in this example the router). Now let's say the router can't handle the size of the packet, and since it is not allowed to fragment, it tries to send an ICMP 3.4 message (Fragmentation needed but DF bit set). Well, the router will send that ICMP message to 209.52.173.1, and 192.168.0.1 would never receive it.

I've never had any problems with ipfw/natd but was curious why this scenario doesn't seem to happen. Can anyone fill me in?

Thanks,
John
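As an added illustration (not part of John's message and not natd's own code), a small Python model of the mechanism that lets the ICMP 3.4 error reach 192.168.0.1: the error quotes the IP header of the datagram that triggered it, and the NAT looks up the public port in that quoted header to find the inner host, restoring both the outer destination and the quoted source. The router and remote-host addresses are assumptions, and checksums are not recomputed in this model.

```python
import struct
from ipaddress import ip_address as ipa

# Constructed addresses following the post (192.168.0.1 behind 209.52.173.1); router/remote are assumed.
INNER, PUBLIC, ROUTER, REMOTE = "192.168.0.1", "209.52.173.1", "209.52.173.254", "198.51.100.7"

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header with DF set; checksums left zero here (a real NAT recomputes them)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000, 64,
                       proto, 0, ipa(src).packed, ipa(dst).packed) + payload

def fields(pkt):
    """(src, dst, proto, payload) of a datagram with a 20-byte header."""
    return str(ipa(pkt[12:16])), str(ipa(pkt[16:20])), pkt[9], pkt[20:]

def patch(pkt, src, sport):
    """Rewrite the source address and UDP source port, leaving every other field intact."""
    return pkt[:12] + ipa(src).packed + pkt[16:20] + struct.pack("!H", sport) + pkt[22:]

class Nat:
    def __init__(self, public_ip):
        self.public_ip, self.table, self.next_port = public_ip, {}, 40000

    def outbound(self, pkt):
        """Masquerade: remember public port -> (inner ip, inner port), rewrite the source."""
        src, _, _, payload = fields(pkt)
        pub, self.next_port = self.next_port, self.next_port + 1
        self.table[pub] = (src, struct.unpack("!H", payload[:2])[0])
        return patch(pkt, self.public_ip, pub)

    def inbound_icmp_error(self, pkt):
        """Forward ICMP 3/4 addressed to the public IP to the inner host. The lookup key is the
        public port inside the *quoted* header; outer destination and quoted source are restored."""
        src, dst, proto, icmp = fields(pkt)
        if not (proto == 1 and dst == self.public_ip and icmp[:2] == b"\x03\x04"):
            return None                                  # not a frag-needed error for us
        pub_port = struct.unpack("!H", icmp[28:30])[0]   # 8 ICMP + 20 quoted IP -> UDP sport
        inner_ip, inner_port = self.table[pub_port]
        return ipv4(src, inner_ip, 1, icmp[:8] + patch(icmp[8:], inner_ip, inner_port))

def next_hop_mtu(icmp_pkt):
    """RFC 1191: bytes 6..7 of the ICMP header carry the next-hop MTU."""
    return struct.unpack("!H", fields(icmp_pkt)[3][6:8])[0]

def demo(mtu=576):
    nat = Nat(PUBLIC)
    out = nat.outbound(ipv4(INNER, REMOTE, 17, struct.pack("!HHHH", 5000, 53, 1408, 0) + b"\0" * 1400))
    # Router cannot pass a 1428-byte DF datagram over a 576-byte link: it sends 3/4 to 209.52.173.1, quoting header + 8 bytes.
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + out[:28]
    return nat.inbound_icmp_error(ipv4(ROUTER, PUBLIC, 1, icmp))
```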