PMTUD and NAT?

Allen bsdlists at rfnj.org
Mon Oct 3 08:10:46 PDT 2005


Having an issue here, looks similar to bin/78424 which is listed as 
open and low priority, but no assignments or comments.  The problem 
is pretty straightforward, though a solution to it seems like it's 
all-or-nothing.

The issue is that when using a box with PMTU discovery behind a NAT, 
the NAT is effectively a blackhole, as the ICMP packets coming back 
from the remote end aren't NATed and passed back through.  The only 
option seems to be to disable PMTUD on all the clients behind the NAT.

FWIW my situation for testing here is a FreeBSD 5-STABLE (5.4 
cvsupped as of yesterday) box running ipfw and ipnat, workstations 
behind it are a mix of FreeBSD and WinXP.  I of course would like to 
leave PMTU discovery on on the clients behind the NAT, but so far 
this seems like a pipe dream.


