Re: icmp: 10.1.4.50 unreachable - need to frag (mtu 500) [tos 0xc0]

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Chris Brenton <cbrenton@chrisbrenton.org>
To: Scott Hall <halls@aros.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: icmp: 10.1.4.50 unreachable - need to frag (mtu 500) [tos 0xc0]
Date: Tue, 13 Jan 2004 10:51:02 -0500	[thread overview]
Message-ID: <1074009062.5742.222.camel@grendel> (raw)
In-Reply-To: <4003A62B.7020108@aros.net>

On Tue, 2004-01-13 at 03:02, Scott Hall wrote:
> So the one question that this whole issue raises in my mind is, Isn't 
> there anyway to handle the (DF) packets differently?

Absolutely. Config the stacks on both ends of the connection to _not_
set DF. This will cause the router at the MTU border to frag the packets
and will not require an ICMP error packet.

> I ask 
> becuase we have two cisco routers and 6 Adtran routers that handle this 
> same scenario quietly. 

I'm guessing if you check the decodes from those packets you will see
the public rather than the private IP embedded in the payload. I think
this is what is killing you. This is an old Netfilter bug that I
*thought* was fixed ages ago.

HTH,
C

next prev parent reply	other threads:[~2004-01-13 15:51 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-01-06  7:07 icmp: 10.1.4.50 unreachable - need to frag (mtu 500) [tos 0xc0] Scott Hall
2004-01-06 11:23 ` Chris Brenton
2004-01-06 15:48   ` Scott Hall
2004-01-13  8:02   ` Scott Hall
2004-01-13 15:51     ` Chris Brenton [this message]
2004-01-13 16:12       ` Scott Hall
2004-01-13 16:38         ` Chris Brenton
2004-01-13 17:52           ` Scott Hall
2004-01-14 18:11           ` Mark Weaver

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1074009062.5742.222.camel@grendel \
    --to=cbrenton@chrisbrenton.org \
    --cc=halls@aros.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.