From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id EA08D1381F3 for ; Mon, 2 Sep 2013 22:30:02 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CC66CE0D98; Mon, 2 Sep 2013 22:29:57 +0000 (UTC) Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8FCFCE0D00 for ; Mon, 2 Sep 2013 22:29:56 +0000 (UTC) Received: by mail-wi0-f178.google.com with SMTP id hn9so1174801wib.5 for ; Mon, 02 Sep 2013 15:29:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=Aelyfqx/gt/XZm75otOP9XYkNAs4NPfHH38a2be8j3w=; b=ji37NteWfnvEVlP3Xh7S2xFo4JY9RGsicMtZSWhkUkFdbw57J+XLyKD94/JU0wl6x9 uhQlA9OUiuY+EpFvPQHYfTXGRxAgkq716SkNR5lKmpNvXVIX95hxl8+MXCq+nHpGRqj8 kVDNOLbavOg5Xjq16srOhjGf5LhJd+D7MSXJmgKUN/RIJnqVjdD4VaXS/GzBj14gxBXQ 2DBT5zab6fe56chplbBDusIrKjO/YlEXl58Kp0XBAkXrB5PlBxyNy92+13whnCZL4Laa PGO8ZPL1aqtidZm1Zdu5yqWW/fyAgSx3h5jGlz0E0hPiSaKULGElPNpfCNuF9cKp3uJS kXsQ== X-Received: by 10.194.89.38 with SMTP id bl6mr112235wjb.50.1378160995247; Mon, 02 Sep 2013 15:29:55 -0700 (PDT) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by mx.google.com with ESMTPSA id bh5sm21055035wib.7.1969.12.31.16.00.00 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 02 Sep 2013 15:29:54 -0700 (PDT) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] PMTUD Date: Mon, 2 Sep 2013 23:29:33 +0100 User-Agent: KMail/1.13.7 (Linux/3.10.7-gentoo; KDE/4.10.5; x86_64; ; ) References: <201309011951.25378.michaelkintzios@gmail.com> In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart4644790.zKaLtfaRu1"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201309022329.51832.michaelkintzios@gmail.com> X-Archives-Salt: 50cc3865-2178-4109-8d32-fad69629812f X-Archives-Hash: 4241eeb84ae15569e4f1acebba1b112c --nextPart4644790.zKaLtfaRu1 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Monday 02 Sep 2013 19:34:25 Grant wrote: > Here's my layout: >=20 > laptop+shorewall (MTU:1500) -> hotel router (MTU:?) -> internet -> > Westell modem/router (MTU:1492) -> desktop+shorewall (MTU:1500) >=20 > Shouldn't PMTUD change the desktop's MTU to 1492? =20 Your desktop's PMTUD will get an ICMP response from Westell as it tries to= =20 traverse through it and it will adjust the outgoing packet size accordingly. Ditto with your laptop, when it tries to establish a connection with your=20 desktop. > Is the fact that it > doesn't due to a flaw in the Westell's operation? Should I manually > change the desktop's MTU to 1492 along with that of other systems on > its LAN? It won't harm if you do. However, we don't know for a *fact* that the West= ell=20 is not returning the appropriate ICMP packets (Type 3, Code 4) to your lapt= op,=20 or your desktop. You can use tcpdump to see what's being sent back and forth. > > If you are using Shorewall at your remote server I would expect it to > > behave properly and return the correct ICMP packet when it receives a > > DF. However, I am not familiar with the Shorewall properties and > > settings, so if you suspect this as the cause of your problem it would > > be better if you look into it properly. >=20 > So I'm sure I understand, this doesn't apply if ICMP is dropped at the > Westell? ICMP echo request may be dropped by Westell's firewall, but ICMP Type 3, Co= de=20 4 could well be returned when a TCP connection is being initiated by your=20 laptop. I don't know how ham-fisted Westell's firewall settings are. Meanwhile, stating the obvious, have you tried using the desktop squid prox= y=20 while you are inside your LAN with the same laptop to see if the problem=20 remains? =2D-=20 Regards, Mick --nextPart4644790.zKaLtfaRu1 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQEcBAABAgAGBQJSJRFfAAoJELAdA+zwE4Yetj8IAInTebGESB5wmGJJL9HdkuHB 2QTYONlR+WFQvSVgHn5fmTXlVaKAIZChM7/jcR67G3RlrZiAEIpS1mAKXQMvHRxW E8Z4EUKvcvCalX82kaGxNeSRSoWQ+yZy4amzJCDzDnZnQSRPlQ/XhBl/Jeb+9ZLh 19a2lLcGbA6HDsIbC2kV3VjbViOiHdYIhC7UqFVs0SI35+Kwn7Xr+PeRnoZpzzSG egjQmG+RAiMrNJ4XmV4bwgy0fmkZdqL9SjpzKpcCpbix9PMvVTyw27RWPyXhty6v tX4ydzyLE4v78D4ISXRXunSbTG0fokAR34MaQa1XkAlUp873+e03HEEldEPtAh8= =biMb -----END PGP SIGNATURE----- --nextPart4644790.zKaLtfaRu1--