In-Reply-To: <201309022329.51832.michaelkintzios@gmail.com>
References: <CAN0CFw1NOD-cfwwOZuU8geHbLP7kzgc9FRGa+3nRFp9sbBGowA@mail.gmail.com>
	<201309011951.25378.michaelkintzios@gmail.com>
	<CAN0CFw0mLCnp439iy35Hx0vx5yyeCAVheVjrPKVFOR0+Wya3Nw@mail.gmail.com>
	<201309022329.51832.michaelkintzios@gmail.com>
Date: Thu, 5 Sep 2013 05:52:13 -0700
Message-ID: <CAN0CFw3tv=5aU0z_twQHC6xqcDnBmuQ1Op6s3YDiPEBXeHCNmg@mail.gmail.com>
Subject: Re: [gentoo-user] PMTUD
From: Grant <emailgrant@gmail.com>
To: Gentoo mailing list <gentoo-user@lists.gentoo.org>
Content-Type: text/plain; charset=ISO-8859-1

>> Here's my layout:
>>
>> laptop+shorewall (MTU:1500) -> hotel router (MTU:?) -> internet ->
>> Westell modem/router (MTU:1492) -> desktop+shorewall (MTU:1500)
>>
>> Shouldn't PMTUD change the desktop's MTU to 1492?
>
> Your desktop's PMTUD will get an ICMP response from Westell as it tries to
> traverse through it and it will adjust the outgoing packet size accordingly.
>
> Ditto with your laptop, when it tries to establish a connection with your
> desktop.
>
>
>> Is the fact that it
>> doesn't due to a flaw in the Westell's operation?  Should I manually
>> change the desktop's MTU to 1492 along with that of other systems on
>> its LAN?
>
> It won't harm if you do.  However, we don't know for a *fact* that the Westell
> is not returning the appropriate ICMP packets (Type 3, Code 4) to your laptop,
> or your desktop.
>
> You can use tcpdump to see what's being sent back and forth.

Ah, so PMTUD doesn't actually change the setting reported by ifconfig.
It's done on the fly.

>> > If you are using Shorewall at your remote server I would expect it to
>> > behave properly and return the correct ICMP packet when it receives a
>> > DF.  However, I am not familiar with the Shorewall properties and
>> > settings, so if you suspect this as the cause of your problem it would
>> > be better if you look into it properly.
>>
>> So I'm sure I understand, this doesn't apply if ICMP is dropped at the
>> Westell?
>
> ICMP echo request may be dropped by Westell's firewall, but ICMP Type 3, Code
> 4 could well be returned when a TCP connection is being initiated by your
> laptop.  I don't know how ham-fisted Westell's firewall settings are.
>
> Meanwhile, stating the obvious, have you tried using the desktop squid proxy
> while you are inside your LAN with the same laptop to see if the problem
> remains?

That's a fine idea and I will do so once I get back there.  Thanks for
the education, Mick. :)

- Grant