From: Oleg Tarasov
Date: Mon, 26 Dec 2005 17:56:31 +0200
To: FreeBSD MailList
Cc: freebsd-net@freebsd.org
Subject: Re: Router on 6.0-stable fails to route tcp packets due to NAT?? malfunction
Message-ID: <1122736554.20051226175631@osk.com.ua>
In-Reply-To: <1687545235.20051226134150@osk.com.ua>
References: <1687545235.20051226134150@osk.com.ua>
List-Id: Networking and TCP/IP with FreeBSD

Hello,

Further analysis brought me to a conclusion that the problem is in MTU values.
Changing the MTU on client machines made everything work fine, but as far as I know this is not right. If packets are routed between interfaces with different MTUs they have to be fragmented or something. If fragmentation is impossible because the "don't fragment" bit is set, an ICMP "Need Fragmentation" packet should be sent to the packet sender. As far as I know, web and ftp packets don't have the "don't fragment" bit set, so packet fragmentation should apply normally, which doesn't happen. Reading my firewall configuration, we can see that any ICMP packets can go freely through it, so the reason for this malfunction is unknown to me. Also there are rules that allow fragmented packets to pass freely. Anyway, the firewall configuration was copied from another production system which also has different MTUs on its interfaces.

Can anyone tell me what the problem is?

-- 
Best regards,
Oleg Tarasov mailto:subscriber@osk.com.ua
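
Added example, not part of the original message: a Python model of the forwarding behaviour the message describes, following RFC 791 fragmentation and the RFC 1191 ICMP type 3 code 4 reply. The function and class names, the option-less 20-byte header, and the 1500/1492 sample sizes are assumptions made for illustration.

```python
# Added illustration, not code from the original message.
# An IPv4 router facing a packet larger than the egress MTU either fragments it
# (RFC 791) or, if DF is set, drops it and returns ICMP type 3 code 4 (RFC 1191).
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: IPv4 header without options


@dataclass
class Fragment:
    offset_units: int      # fragment offset field, in 8-byte units
    payload_len: int       # payload bytes carried by this fragment
    more_fragments: bool   # MF flag

    @property
    def total_len(self) -> int:
        return IP_HEADER_LEN + self.payload_len


@dataclass
class IcmpFragNeeded:
    icmp_type: int = 3     # destination unreachable
    icmp_code: int = 4     # fragmentation needed and DF set
    next_hop_mtu: int = 0  # MTU the sender should adopt for this path


def forward(total_len: int, df: bool, egress_mtu: int):
    """Return the list of Fragment to transmit, or IcmpFragNeeded to send back."""
    if total_len <= egress_mtu:
        return [Fragment(0, total_len - IP_HEADER_LEN, False)]
    if df:
        return IcmpFragNeeded(next_hop_mtu=egress_mtu)
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    max_payload = (egress_mtu - IP_HEADER_LEN) // 8 * 8
    if max_payload <= 0:
        raise ValueError("egress MTU too small to carry any payload")
    payload = total_len - IP_HEADER_LEN
    frags, sent = [], 0
    while sent < payload:
        chunk = min(max_payload, payload - sent)
        frags.append(Fragment(sent // 8, chunk, sent + chunk < payload))
        sent += chunk
    return frags


if __name__ == "__main__":
    # Constructed sample: a 1500-byte packet leaving through a 1492-byte link.
    print(forward(1500, df=False, egress_mtu=1492))
    print(forward(1500, df=True, egress_mtu=1492))
```

When the DF branch is taken, delivery depends on the ICMP reply reaching the sender; if any filter on the return path drops it, the sender keeps retransmitting full-size segments and the connection stalls.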