[vortex] Problems with Redhat 7.1 and 3c095c

ruben@nutz.nl ruben@nutz.nl
Sun, 14 Oct 2001 20:22:35 +0200


On Sun, Oct 14, 2001 at 02:21:07AM -0700, Bill MacAllister wrote:

> In some notes that I read about setting up ADSL a problem was mentioned
> with an MTU setting of 1500 and passing packets over PPP.  Basically, all
> packets were getting fragmented into a big and small packet.  The solution
> was to drop the MTU.  I tried it and that has fixed the problem that I was
> seeing.  So, in the end it was the network.

Which is why I kept insisting on knowing details about your ipchains/tables
config. If you block ICMP_FRAG_NEEDED-packets you'll effectively disable the
mechanism IP uses to find the lowest MTU on a link, the MTU-path-discovery. 

Problems with path-discovery used to be extremely rare, but ever since ADSL
became popular I see a quick rise in these problems. Most often it's
Windows users, preferably the kind that can't tell the difference between a
packet and a frame, which install C00l-H4x0r5h13ld v0.1.0.99alpha, and
combine that with MTU-tweak and other ill-conceived trash.

If your system needs to know the lowest MTU on the link, it sends out frames
of decreasing size, with the DF-flag set, and waits for the flood of
ICMP_FRAG_NEEDED (but DF set) to stop. Block all ICMP type 3 messages, and
this mechanism will fail. And if your ADSL-line uses PPPoE (and many do) you
will run into problems. 'Normal' ethernet MTU is 1500 bytes, but after
encapsulating in PPPoE you have only 1454 bytes left. The encap itself
effectively steals 46 bytes from your frames. The solution is to allow at
the very least all ICMP type 3 messages *in*.

-- 
Ruben

	Q: How many IBM 370's does it take to execute a job?

	A: Four. Three to hold it down, and one to rip its head off.
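
An added example, not part of the original message: a small Python check that walks the INPUT chain of an `iptables-save` dump and reports the first-match verdict for an inbound ICMP type 3 code 4 (fragmentation needed) packet belonging to an open connection. The rulesets are constructed, the function names are hypothetical, and rules using options the sketch does not model (interface, address, port) are skipped.

```python
import shlex

# iptables names for ICMP type 3 and type 3 code 4, mapped to numeric form.
NAMES = {"destination-unreachable": "3", "fragmentation-needed": "3/4"}
# Options this sketch models; a rule using any other option is skipped.
MODELLED = {"-A", "-p", "-m", "--icmp-type", "--state", "--ctstate", "-j", "--reject-with"}

def matches_frag_needed(spec):
    """True if an --icmp-type value covers type 3 code 4."""
    spec = NAMES.get(spec, spec)
    icmp_type, _, code = spec.partition("/")
    return spec == "any" or (icmp_type == "3" and code in ("", "4"))

def verdict_for_frag_needed(ruleset, chain="INPUT"):
    """First-match verdict for an inbound ICMP_FRAG_NEEDED tied to an open connection."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]                      # chain default policy
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[0::2], tok[1::2]))   # every modelled option takes one argument
        if set(opts) - MODELLED:
            continue                             # interface/address/port match: not modelled
        if opts.get("-p", "all") not in ("icmp", "all"):
            continue
        if "--icmp-type" in opts and not matches_frag_needed(opts["--icmp-type"]):
            continue
        states = opts.get("--state") or opts.get("--ctstate")
        if states and "RELATED" not in states.split(","):
            continue                             # ICMP errors for open flows are RELATED
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]
    return policy

# Constructed rulesets in iptables-save format.
BLOCKS_ALL_ICMP = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j DROP
COMMIT"""
ALLOWS_TYPE_3 = """*filter
:INPUT DROP [0:0]
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -j DROP
COMMIT"""

if __name__ == "__main__":
    print(verdict_for_frag_needed(BLOCKS_ALL_ICMP))  # DROP
    print(verdict_for_frag_needed(ALLOWS_TYPE_3))    # ACCEPT
```

A DROP or REJECT verdict here means path-MTU discovery cannot work through that ruleset; a stateful rule accepting RELATED traffic also lets the message in.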