Date: Fri, 8 Dec 2000 00:10:40 -0800 (PST) From: John F Cuzzola <vdrifter@ocis.ocis.net> To: security@freebsd.org Subject: pipsecd+ipfw fwd Message-ID: <Pine.LNX.4.21.0012072358260.27161-100000@ocis.ocis.net>
Hello all,

I'm using pipsecd from the ports collection and it seems to do the job (for my purposes anyway). I've noticed, however, that when configuring the tunnel device the author recommends an MTU of 1440.

Recently I added a firewall rule like:

    ipfw add fwd <virtual ip address of tunnel> ip from <private net> to any

to force the next hop through the tunnel. Well, it didn't work: it did for small amounts of data but not larger ones, which led me to suspect a path MTU discovery problem. I reconfigured the tunnel device for an MTU of 1500 and it works great.

My question is: when using ipfw fwd, what happens if the size of the packet exceeds the MTU of the device? When ipfw is fwd'ing, do ICMP 3.4 messages get sent back for large packets whose don't-fragment bit is set, or does that packet just get dropped? It would appear the ICMP 3.4 message doesn't get sent back, but that could be because of the pipsecd port.

Kind of curious, and thanks,
John
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.21.0012072358260.27161-100000>
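The symptom described in the post (small packets pass, large ones vanish once the egress MTU is below 1500) is the classic path-MTU black hole: a DF-marked packet that exceeds the next-hop MTU must be dropped and answered with ICMP type 3 code 4 carrying the next-hop MTU (RFC 1191), and if that ICMP never reaches the sender, the sender keeps emitting full-size packets that never arrive. The following is an added example, not code from the thread or from pipsecd or ipfw: it builds a real IPv4 datagram and a real RFC 1191 "fragmentation needed" message (with valid checksums), models the egress decision a forwarding hop makes, and runs a sender-side PMTUD loop over a constructed two-hop path (1500 then 1440) both with ICMP feedback working and with it suppressed. The addresses, link MTUs and packet sizes are constructed for the example.

```python
"""PMTUD walk-through (added example; not from the original thread).

A packet larger than the egress device's MTU arrives with DF set. Per
RFC 1191 the router drops it and returns ICMP type 3 code 4 carrying the
next-hop MTU. If that ICMP never gets back to the sender, large packets
silently disappear while small ones get through: a PMTU black hole.

Link MTUs, addresses and sizes below are constructed for the example.
"""
import struct

ICMP_DEST_UNREACH = 3
ICMP_FRAG_NEEDED = 4
IP_DF = 0x4000  # Don't Fragment flag in the IPv4 flags/fragment-offset field


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip2b(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def ipv4_packet(src: str, dst: str, payload: bytes, df: bool, proto: int = 17) -> bytes:
    """Build a minimal IPv4 datagram (20-byte header, no options)."""
    total_len = 20 + len(payload)
    flags_frag = IP_DF if df else 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                      64, proto, 0, ip2b(src), ip2b(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def icmp_frag_needed(original: bytes, next_hop_mtu: int) -> bytes:
    """ICMP type 3 code 4 per RFC 1191: type, code, checksum, 2 unused bytes,
    2-byte next-hop MTU, then the offending IP header + first 8 payload bytes."""
    body = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, next_hop_mtu)
    body += original[:28]
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]


def egress(packet: bytes, mtu: int, icmp_reaches_sender: bool):
    """What a forwarding hop does with `packet` on a link of `mtu` bytes.

    Returns ("forward", packet), ("fragment", n_fragments),
    ("icmp", icmp_bytes) or ("blackhole", None).
    """
    total_len = struct.unpack("!H", packet[2:4])[0]
    df = bool(struct.unpack("!H", packet[6:8])[0] & IP_DF)
    if total_len <= mtu:
        return "forward", packet
    if not df:
        payload = total_len - 20
        per_frag = (mtu - 20) // 8 * 8          # fragment payloads are 8-byte multiples
        return "fragment", -(-payload // per_frag)  # ceiling division
    if icmp_reaches_sender:
        return "icmp", icmp_frag_needed(packet, mtu)
    return "blackhole", None  # dropped with no feedback: the failure mode in the post


def next_hop_mtu(icmp: bytes) -> int:
    """Extract the next-hop MTU a sender would act on."""
    assert icmp[0] == ICMP_DEST_UNREACH and icmp[1] == ICMP_FRAG_NEEDED
    return struct.unpack("!H", icmp[6:8])[0]


def pmtud_send(path_mtus, size, icmp_works, max_tries=8):
    """Sender-side PMTUD: send `size` bytes with DF, shrink on each ICMP 3/4.
    Returns the size that finally got through, or None if it never did."""
    current = size
    for _ in range(max_tries):
        pkt = ipv4_packet("10.0.0.2", "192.0.2.10", b"\x00" * (current - 20), df=True)
        for mtu in path_mtus:
            verdict, data = egress(pkt, mtu, icmp_works)
            if verdict == "forward":
                continue
            if verdict == "icmp":
                current = next_hop_mtu(data)  # clamp and retry
                break
            return None  # black hole
        else:
            return current  # every hop forwarded it
    return None


if __name__ == "__main__":
    path = [1500, 1440]  # constructed: Ethernet hop, then a 1440-byte tunnel
    print("ICMP feedback works:", pmtud_send(path, 1500, True))    # 1440
    print("ICMP suppressed, 1500B:", pmtud_send(path, 1500, False))  # None
    print("ICMP suppressed, 1400B:", pmtud_send(path, 1400, False))  # 1400
```

On a FreeBSD host the same thing can be probed live with `ping -D -s <size> <host>`, which sets DF and lets you bracket the size at which replies stop; if no "frag needed" error comes back for the failing sizes, the ICMP is being lost or never generated somewhere on the path.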