From: Allen
To: freebsd-stable@freebsd.org
Date: Mon, 03 Oct 2005 11:13:33 -0400
Subject: PMTUD and NAT?

Having an issue here, looks similar to bin/78424, which is listed as open and low priority, but with no assignments or comments.

The problem is pretty straightforward, though a solution to it seems like it's all-or-nothing. The issue is that when using a box with PMTU discovery behind a NAT, the NAT is effectively a blackhole, as the ICMP packets coming back from the remote end aren't NATed and passed back through.
The only option seems to be to disable PMTUD on all the clients behind the NAT.

FWIW, my situation for testing here is a FreeBSD 5-STABLE (5.4 cvsupped as of yesterday) box running ipfw and ipnat; workstations behind it are a mix of FreeBSD and WinXP. I of course would like to leave PMTU discovery on on the clients behind the NAT, but so far this seems like a pipe dream.
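
An added example, not part of the original message and not ipnat's code: the lookup a NAT has to perform to hand an ICMP "fragmentation needed" (type 3, code 4) error back to the inside host, keyed on the embedded original header and dropped when no state matches. All addresses, ports and the state table are constructed, and checksums are left at zero.

```python
import socket
import struct

IP_HDR = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

# Constructed NAT state:
# (proto, public_ip, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
NAT_TABLE = {(6, "203.0.113.1", 40000, "198.51.100.7", 80): ("192.168.1.10", 51234)}

def build_frag_needed(router, nat_ip, nat_port, remote_ip, remote_port, mtu):
    """Constructed sample: the error a router sends to the NAT's public address."""
    l4 = struct.pack("!HHI", nat_port, remote_port, 0)  # first 8 bytes of TCP
    inner = struct.pack(IP_HDR, 0x45, 0, 1500, 0, 0x4000, 64, 6, 0,
                        socket.inet_aton(nat_ip), socket.inet_aton(remote_ip)) + l4
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner
    outer = struct.pack(IP_HDR, 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                        socket.inet_aton(router), socket.inet_aton(nat_ip))
    return outer + icmp

def translate_icmp_error(pkt, table):
    """Return (inside_ip, inside_port, next_hop_mtu), or None to drop the packet."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 1 or len(pkt) < ihl + 8:          # outer protocol must be ICMP
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):                # only "fragmentation needed"
        return None
    inner = pkt[ihl + 8:]                          # header of the packet that was too big
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if len(inner) < inner_ihl + 4:
        return None
    src = socket.inet_ntoa(inner[12:16])           # NAT's public address
    dst = socket.inet_ntoa(inner[16:20])           # remote server
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    # Forward only if the embedded flow matches existing state; an unsolicited
    # or spoofed error has no matching entry and is dropped.
    hit = table.get((inner[9], src, sport, dst, dport))
    if hit is None:
        return None
    # A real NAT would now rewrite the outer destination and the embedded
    # source address/port to the inside values and recompute the checksums.
    return hit[0], hit[1], mtu

if __name__ == "__main__":
    sample = build_frag_needed("192.0.2.1", "203.0.113.1", 40000, "198.51.100.7", 80, 1400)
    print(translate_icmp_error(sample, NAT_TABLE))
```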