Date: Mon, 31 Mar 2003 14:27:58 +0300 From: "Ivailo Tanusheff" <i.tanusheff@procreditbank.com> To: <null@1system.ru> Cc: FreeBSD Net <freebsd-net@FreeBSD.org> Subject: RE: Need to frag (DF) :) Message-ID: <060e01c2f778$9528a400$faf810ac@sof.procreditbank.bg> In-Reply-To: <20030331102658.GA66056@mail.1system.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
I think you should lower the mtu value of the ng0 interface. This is
because of the packet overhead.
If you are using Windows XP, than you should enable multilink or you
can't bypass this.
Ivailo Tanusheff
-----Original Message-----
From: owner-freebsd-net@freebsd.org
[mailto:owner-freebsd-net@freebsd.org] On Behalf Of Dennis S. Davidoff
Sent: Monday, March 31, 2003 1:27 PM
To: freebsd-net
Subject: Need to frag (DF) :)
Hi all.
After successful authorization and setting tunnel by mpd I've got a
problem with packet fragmentation.
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
net 172.16.1.2 netmask 0xffffff00 broadcast 172.16.1.255
ether 00:02:44:2e:35:da
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 0xffffff00 broadcast
172.16.0.255
ether 00:10:dc:06:e8:91
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1392
inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff
As you can see, mtu is 1392. So any attempt to open big content from
site or download a big file will fail. tcpdump shows:
14:13:09.876867 172.16.1.2 > 217.106.231.104: icmp: 192.168.0.168
unreachable - need to frag (mtu 1392) (DF)
...and so on.
Also I'll trying to test my gateway like that:
C:\Documents and Settings\null>ping -f -l 1500 172.16.0.1
Pinging 172.16.0.1 with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 172.16.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
Someone from obsd tells me that in obsd pf it could be solved by the
rule:
scrub in all no-df fragment reassemble
...which defragments all packets and removes DF flag (i guess)
P.S. On my gateway I have an ipfw rule that allows any icmp type.
Thanks for any advices.
--
Sincerely,
Dennis
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?060e01c2f778$9528a400$faf810ac>