On Fri, Mar 19, 1999 at 10:30:46AM -0800, David A. Ranch wrote:
>
> Hey 2.2.x kernel MASQers..
>
> Could a few of you PLEASE compile up this new 2.2.3ac3 kernel
> and set your external link's MTU to something low like 470?
Oops... the problem arises when **INside MTU is lower**, this is because
packet "bounces" with already hacked addresses (ie demasqued)
so it's necessary to ``unmasq'' the packet for valid icmp handling.
1) HOWTO lower inside mtu without touching WHOLE device:
in 2.2
# ip route add internal_client/32 mtu 296
in 2.0 (don't know better way): create an alias with this lower MTU and
add routes via this new alias
# ifconfig eth0:254 _eth0_same_IP_address_ mtu 296
# route add -host internal_client dev eth0:254
2) After that, do (asuming ppp0 is your "internet" device)
# tcpdump -n -i ppp0 icmp
3) Start a download from internal_client, you should see
CORRECT icmp UNREACH packets
[I confirmed 2.0 and 2.2-ac3 correct behaviour]
>
> I'd like to see if this ICMP patch really does fix our long
> lasting MTU bug. Juanjo says a similar patch is already in
> 2.0.36 but we all know that the MTU bug is still in 2.0.36.
>
> So.. please let me know if you can test this. Ok?
Yap... and it will be VERY useful to provide a dump also!
>
>
> Also.. after exchanging a few emails with Juanjo, it sounds like
> the 2.2.x kernels have broken a few of the IP_MASQ modules.
> Juanjo has a patch for this on his site.
The problem is that almost all stock 2.2 modules ignore TCP EXTENDED
headers (linux 2.2, w98 clients), so they fail to hack the stream properly.
Eg: an internal w98 client trying to do realaudio (of course without
socks5 or another proxy beast).
Regards...
--
-- Juanjo http://juanjox.linuxhq.com/
== Yerba mate & Linux == ... ehee
what a !P0WER!
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
