| 1 |
>> Here's my layout: |
| 2 |
>> |
| 3 |
>> laptop+shorewall (MTU:1500) -> hotel router (MTU:?) -> internet -> |
| 4 |
>> Westell modem/router (MTU:1492) -> desktop+shorewall (MTU:1500) |
| 5 |
>> |
| 6 |
>> Shouldn't PMTUD change the desktop's MTU to 1492? |
| 7 |
> |
| 8 |
> Your desktop's PMTUD will get an ICMP response from Westell as it tries to |
| 9 |
> traverse through it and it will adjust the outgoing packet size accordingly. |
| 10 |
> |
| 11 |
> Ditto with your laptop, when it tries to establish a connection with your |
| 12 |
> desktop. |
| 13 |
> |
| 14 |
> |
| 15 |
>> Is the fact that it |
| 16 |
>> doesn't due to a flaw in the Westell's operation? Should I manually |
| 17 |
>> change the desktop's MTU to 1492 along with that of other systems on |
| 18 |
>> its LAN? |
| 19 |
> |
| 20 |
> It won't harm if you do. However, we don't know for a *fact* that the Westell |
| 21 |
> is not returning the appropriate ICMP packets (Type 3, Code 4) to your laptop, |
| 22 |
> or your desktop. |
| 23 |
> |
| 24 |
> You can use tcpdump to see what's being sent back and forth. |
| 25 |
|
| 26 |
Ah, so PMTUD doesn't actually change the setting reported by ifconfig. |
| 27 |
It's done on-the-fly. |
| 28 |
|
| 29 |
>> > If you are using Shorewall at your remote server I would expect it to |
| 30 |
>> > behave properly and return the correct ICMP packet when it receives a |
| 31 |
>> > DF. However, I am not familiar with the Shorewall properties and |
| 32 |
>> > settings, so if you suspect this as the cause of your problem it would |
| 33 |
>> > be better if you look into it properly. |
| 34 |
>> |
| 35 |
>> So I'm sure I understand, this doesn't apply if ICMP is dropped at the |
| 36 |
>> Westell? |
| 37 |
> |
| 38 |
> ICMP echo request may be dropped by Westell's firewall, but ICMP Type 3, Code |
| 39 |
> 4 could well be returned when a TCP connection is being initiated by your |
| 40 |
> laptop. I don't know how ham-fisted Westell's firewall settings are. |
| 41 |
> |
| 42 |
> Meanwhile, stating the obvious, have you tried using the desktop squid proxy |
| 43 |
> while you are inside your LAN with the same laptop to see if the problem |
| 44 |
> remains? |
| 45 |
|
| 46 |
That's a fine idea and I will do so once I get back there. Thanks for |
| 47 |
the education Mick. :) |
| 48 |
|
| 49 |
- Grant |
Archives