Hello Netfilter list,

Can anyone tell me (or point me to a link) how MTU detection works in a masqueraded environment? I.e. are there different MTUs for inside and outside networks (meaning the masquerading router would see the inside traffic as separate from outside traffic), or is the inside MTU copied to the outside interface - i.e. the whole thing is seen as one sort of "broken up" connection?

(On a side note (and somewhat related) I read that the MASQUERADE target does the same as the ancient "defragment all" option in the kernel, but I can't find information about that).

(Background of my question is that MTU in IPsec tunnels is not correctly evaluated, and when you have an IPsec tunnel that terminates on a masquerading router, you get to see

    13:57:30.240329 $router > $outside: icmp: $router unreachable

which is rather odd - and prevents further communication. See http://bugzilla.kernel.org/show_bug.cgi?id=1148)

(Please note that my previous message about this had some nonsensical source listing, it pointed to ip_output.c to send icmp frag_needed, which has nothing to do with the above).

Valentijn
-- 
http://www.openoffice.nl/
Open Office - Linux Office Solutions
Valentijn Sessink valentyn+sessink@xxxxxxxxxxxxxxxxxxxx