Date: Fri, 4 Jan 2002 10:02:01 -0800 From: William Carrel <william.carrel@infospace.com> To: freebsd-hackers@freebsd.org Subject: Re: path_mtu_discovery Message-ID: <26E71536-013D-11D6-8ED3-003065D5E9A4@infospace.com> In-Reply-To: <20020104154543.90114.qmail@web12508.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday, January 4, 2002, at 07:45 AM, Kristopher Kublinski wrote: > --- Peter Pentchev <roam@ringlet.net> wrote: >> On Fri, Jan 04, 2002 at 11:08:06AM +0100, Martin Kaeske wrote: >>> Hello, >>> I'm using FreeBSD-4.4-STABLE and have an OpenBSD-2.9 router to >>> connect to the internet (via DSL). If i try to do a cvsup >>> (cvsup.de.freebsd.org, cvsup2.de.freebsd.org, cvsup.freebsd.org) >>> i'm getting a lot of "icmp: Destination unreachable, need to frag >>> <mtu 1488>" messages and cvsup fails (timeout). The curious thing >>> is if i disable net.inet.tcp.path_mtu_discovery or if i lower the >>> MTU to 1488, everything is fine (of course). >>> That's why i wanted to ask wether FreeBSD fails to lower the MTU >>> (it should lower it due to the icmp messages, shouldn't it?) or >>> is there any pppoe specific problem between me and the cvsup servers? >>> >>> Martin >>> PS: AFAICS cvsup is the only problem ftp/http/nntp works fine >> >> You have not, by any chance, firewalled ICMP replies, have you - >> either outgoing on the router, or incoming on the FreeBSD box? >> > I have the same setup as Martin but i cant say i have the same > problem. I am also blocking all > incoming icmp traffic - in fact i have explicitly denied almost all > incoming traffic so i do not > thing that is the problem. however if you are running ipf on the > openbsd machine (which i am > assuming you are) you might want to check your ruleset, it sounds like > you might have something in > there that is causing it. Blocking all ICMP is bad m'kay? See also: http://www.worldgate.net/~marcs/mtu/ ipfilter with 'keep state' on the connections will automatically allow back in relevant ICMP messages such as mustfrag. The icmp messages coming up on the users console might be logged blocked packets or some such? I don't seem to recall any of the RELENG_4 systems I run spewing stuff to console if the PMTU-D was turned on. Also I wonder if the user's OpenBSD box and FreeBSD box agree on what their MTU is. In any case, barring anyone being able to repeat this it probably belongs on -questions@. -- William Carrel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26E71536-013D-11D6-8ED3-003065D5E9A4>