Subject: Re: kern/36309 ipf 4.1.20 breaks NAT setup
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Michael van Elst <mlelstv@serpens.de>
List: netbsd-bugs
Date: 05/19/2007 10:10:03
The following reply was made to PR kern/36309; it has been noted by GNATS.

From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/36309 ipf 4.1.20 breaks NAT setup
Date: Sat, 19 May 2007 12:08:29 +0200

 One more problem showed up.
 
 | When sniffing the outgoing traffic I see ICMP messages sent to the
 | internet host: '[client] unreachable  - need to frag (mtu 1427)'
 
 should read:
 
 | When sniffing the outgoing traffic I see ICMP messages sent to the
 | internet host: '[P.P.P.P] unreachable  - need to frag (mtu 1427)'
 
 I.e. the outgoing "need frag" ICMP message includes the untranslated
 private address of the client, which breaks PMTUD.
 
 This is probably the only error here. Previously the too-large mss
 clamp value wasn't noticed because PMTUD handled the issue. Without
 PMTUD I have to reduce the mss clamp value (to 1392) to absolutely
 avoid fragmentation.
 
 Greetings,
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."