Subject: Re: paket fragmentation and mtu
From: Stephan von Krawczynski <skraw,AT,ithnet,DOT,com>
Date: Wed, 11 Jul 2001 10:49:03 +0200
In-reply-to: <000c01c10975$cf72dec0$7e7c6634@oliverem2k>

---Reply on mail from Mikeeo about paket fragmentation and mtu
> Is there someone along the path or you blocking ICMP? Type 3 is the type
> you cannot block, so make sure that ICMP type 3 messages are getting through;
> troubleshoot with tcpdump or ethereal.


You are definitely right, only I have no chance to change this. The problem
is on the other side of the request (e.g. at www.elsa.de). I can see the
ICMP packet leave at my side, but nevertheless www.elsa.de tries several times
to send the same packet (with the same length of 1500 bytes) and then times out.
As I am not the world-wide-web-police that runs after people not able to
configure their firewalls, I definitely need some patch.
I updated all cipes to 1.5.2 yesterday and the problem stays (of course).
Logfile shows this:

Jul 11 09:07:21 firewall1-pla kernel: Packet log: uu_in ACCEPT hdlc1 PROTO=6 www.elsa.de:80 win-client:1441 L=1500 S=0x00 I=0 F=0x4000 T=49 (#3)

And back:

Jul 11 09:07:21 firewall1-pla kernel: Packet log: uu_out ACCEPT hdlc1 PROTO=1 cipe-router:3 www.elsa.de:4 L=576 S=0xC0 I=21686 F=0x0000 T=253 (#3)

This repeats several times, and then www.elsa.de times out.

How can we make it work? Obviously cipe should fragment the packet itself,
and not care about the mtu at all. I thought this should be done by increasing
mtu in cipe's config file. But that doesn't seem to work. Anybody out there
with a different experience?
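
Added example (not part of the original message): a Python sketch that parses ipchains "Packet log" lines like the two quoted above and flags the path-MTU black hole they show, a sender that keeps emitting DF-flagged packets (F=0x4000) although ICMP type 3 code 4 replies are going back to it. ipchains prints the ICMP type and code in the source and destination port positions; the function names and the `min_repeats` threshold are assumptions, and the sample log is constructed by repeating the two lines from the message.

```python
import re
from collections import Counter

# Constructed sample: the two log lines from the message, one line each,
# repeated to mimic the retransmissions it describes.
IN_LINE = ("Jul 11 09:07:21 firewall1-pla kernel: Packet log: uu_in ACCEPT hdlc1 "
           "PROTO=6 www.elsa.de:80 win-client:1441 L=1500 S=0x00 I=0 F=0x4000 T=49 (#3)")
OUT_LINE = ("Jul 11 09:07:21 firewall1-pla kernel: Packet log: uu_out ACCEPT hdlc1 "
            "PROTO=1 cipe-router:3 www.elsa.de:4 L=576 S=0xC0 I=21686 F=0x0000 T=253 (#3)")
SAMPLE_LOG = [IN_LINE, OUT_LINE] * 3

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)")

DF_FLAG = 0x4000  # "don't fragment" bit inside the F= field

def parse(line):
    """Return one log line as a dict with numeric fields, or None if no match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        rec[key] = int(rec[key])
    rec["frag"] = int(rec["frag"], 16)
    return rec

def find_blackholes(lines, min_repeats=2):
    """List (sender, receiver, length, df_packets, icmp_replies) for senders that
    repeat DF packets while fragmentation-needed ICMP is being sent to them."""
    big_df = Counter()       # (sender, receiver, length) -> DF packets seen
    frag_needed = Counter()  # host -> ICMP type 3 code 4 messages sent to it
    for rec in filter(None, map(parse, lines)):
        # For PROTO=1 the "ports" are ICMP type and code.
        if rec["proto"] == 1 and (rec["sport"], rec["dport"]) == (3, 4):
            frag_needed[rec["dst"]] += 1
        elif rec["frag"] & DF_FLAG:
            big_df[(rec["src"], rec["dst"], rec["length"])] += 1
    return [(src, dst, length, n, frag_needed[src])
            for (src, dst, length), n in big_df.items()
            if n >= min_repeats and frag_needed[src] >= min_repeats]

if __name__ == "__main__":
    for hit in find_blackholes(SAMPLE_LOG):
        print("sender keeps sending DF packets despite ICMP 3/4:", hit)
```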


