PF a NAT pro lokalni sit / MTU

Miroslav Lachman 000.fbsd at quip.cz
Sat Mar 23 08:56:06 CET 2019

Previous message (by thread): PF a NAT pro lokalni sit / MTU
Next message (by thread): PF a NAT pro lokalni sit / MTU
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dan Lukes wrote on 2019/03/23 07:20:
> Nejspis ho nekde po ceste nejaky spatne nastaveny filtr sezere.
> 
>> ifconfig na bge0 hlasi mtu 576 (ale proc?)
> 
> Oprava chyby (moji) v myslenkovem toku.
> 
> Neni nikdo, kdo by ICMP "fragmentation neede" zral a nema smysl ho hledat.
> 
> Chyba je v konfiguraci na tve strane - v ramci jedne LAN musi mit 
> vsechny sitove interface hodnotu MTU identickou. MTU se muze legitimne 
> menit jen pri pruchodu routerem.
> 
> Stanice neni schopna velky paket prijmout (tudiz na jeho prichod nemuze 
> reagovat zaslanim ICMP) a router nevi, ze konkretni destinace ma jinou 
> MTU a paket nebude prijmout schopna - takze taky nemuze odesilatele 
> informovat.
> 
> Pokud mas v LAN MTU 1500 a pripojis stanici, ktera ma MTU jen 576, 
> nemuze to fungovat.
> 
> Zadny problem s firewallem kdekoliv, problem je jen ta MTU na karte.

Mozna jsem to spatne popsal v predchozich e-mailech, tak to zkusim 
popsat jeste jednou srozumitelneji:

internet --- UPC modem --- router OLD --- LAN stanice

router OLD
    ext_if: xl0    mtu 1500
    int_if: rl0    mtu 1500

LAN stanice
    if: em0    mtu 1500

Kdyz odpojim "router OLD" a zapojim misto nej "router NEW" (s pouzitim 
stejnych kabelu, stejneho UPC modemu atd.

internet --- UPC modem --- router NEW --- LAN stanice

router NEW
    ext_if: bge0    mtu 576
    int_if: bge1    mtu 1500

LAN stanice
    if: em0    mtu 1500


Kdyz zapnu "router NEW", tak v logu najdu tohle

kernel: bge0: link state changed to DOWN
kernel: bge1: link state changed to DOWN
kernel: bge0: link state changed to UP
kernel: bge0: link state changed to DOWN
kernel: nd6_setmtu0: new link MTU on bge0 (576) is too small for IPv6
kernel: bge1: link state changed to UP
kernel: bge0: link state changed to UP

Kdyz na nem zkusim pustit

ifconfig bge0 mtu 1500

tak dojde k sekvenci DOWN, dhclient, UP a zase se na sitovce bge0 objevi 
mtu 576. Takze ho z nejakeho duvodu nastavuje dhclient / komunikace s 
UPC Modemem, ale netusim proc. Neni to obecne nastaveni site, protoze 
kdyz k modemu pripojim "router OLD", tak se s protejsi stranou domluvi 
na mtu 1500.

Mirek

Previous message (by thread): PF a NAT pro lokalni sit / MTU
Next message (by thread): PF a NAT pro lokalni sit / MTU
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list