From owner-freebsd-isp Sun Apr 18 14:27:37 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30])
    by hub.freebsd.org (Postfix) with ESMTP id 2093714D25
    for ; Sun, 18 Apr 1999 14:27:21 -0700 (PDT)
    (envelope-from Stanley.Hopcroft@ipaustralia.gov.au)
Received: (from smap@localhost)
    by pericles.IPAustralia.gov.au (8.9.1/8.9.1) id HAA07362
    for ; Mon, 19 Apr 1999 07:24:52 +1000 (EST)
X-Authentication-Warning: pericles.IPAustralia.gov.au: smap set sender to using -f
Received: from noteshub01.aipo.gov.au(10.0.100.21) by pericles.IPAustralia.gov.au
    via smap (V2.0) id xma007357; Mon, 19 Apr 99 07:24:46 +1000
Received: by noteshub01.aipo.gov.au(Lotus SMTP MTA v4.6.3 (778.2 1-4-1999))
    id 4A256757.0075A072 ; Mon, 19 Apr 1999 07:24:47 +1000
X-Lotus-FromDomain: IP_AUSTRALIA
From: Stanley.Hopcroft@ipaustralia.gov.au
To: freebsd-isp@freebsd.org
Message-ID: <4A256757.00759ECE.00@noteshub01.aipo.gov.au>
Date: Mon, 19 Apr 1999 07:23:51 +1000
Subject: NATD and packet fragmentation: fragments are not re-assembled or delivered ?
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dear Ladies and Gentlemen,

I am writing to ask your help with NATD.

The topology is

    |
    |------------------------------- ...intranet .. ours and other admin ... Mainframe
    | ed1  ed0
    |
    LAN 199.19.99.0/24

The FreeBSD host runs the ports collection copy of gated (3.5.7 ?) and is
configured as a router, advertising to other OSPF routers the link to the
199.19.99.0 LAN. The router's interfaces are two ISA ethernet NICs using the
ed driver.

Because the outsourced mainframe is under others' administration (CSC
Australia) and it does not run a routing protocol, and I was too stupid to
pick a network it had routes for, I had hoped to use natd to have mainframe
traffic from the 199.19.99.0 LAN appear as from the router's ed0 interface (a
host for which the mainframe did have routes). This would have saved me
'fessing up my stupidity and waiting on CSC to get their end right.

The natd ipfw config on the FreeBSD router is

    ipfw divert natd all from any to any
    ipfw allow ip from any to any

    natd -use_sockets -same_ports -interface ed0

This allows 199.19.99.0 LAN hosts to open tn3270 or ftp sessions with the
mainframe.

Unfortunately it does *not* reliably transport the data between the mainframe
and the LAN. The tn3270 sessions and ftp data sessions hang intermittently.

A tcpdump on the router shows that packets from the mainframe (which is via a
frame-relay WAN)

    . are bigger than 500 bytes
    . are fragmented by some intervening router into two 1480 byte packets
      (probably the FreeBSD router given the size of the fragments)
    . are not acknowledged by the 199.19.99.0 end-system

The 199.19.99.0 end-system keeps acking earlier byte-ranges, and the mainframe
resends the packet (which appears as new fragments) until the end-system
resets the connection.

When I change the LAN (and router) to an address the mainframe can route to,
and stop using natd, all is well. In particular, the packets from the
mainframe

    . are not fragmented
    . are about 500 bytes

Your suggestions will, as always, be gratefully received.

Thank you,

Yours sincerely

S Hopcroft

-- not part of the list but I can read the archives --