[NCLUG] cipe "virtual identity"

Kevin Fenzi kevin at scrye.com
Fri May 9 15:47:12 MDT 2003



>>>>> "listz" == listz  <listz at hate.cx> writes:

listz> thanks for the help, i've got a tunnel (mostly) working after i
listz> started to play around with it. the problem i have now is that
listz> when i try to tunnel ssh my machines complain about MTU
listz> size. i've allowed icmp type 3 through the local firewall,
listz> however the connection is still not fragmenting to
listz> accommodate. any ideas? here is a snippet of some tcpdump
listz> output:

listz> 14:24:13.887049 99.41.5.59 > 99.41.5.60: icmp: 10.0.0.2
listz> unreachable - need to frag (mtu 1418) [tos 0xc0]
listz> 14:25:07.644738 99.41.5.59 > 99.41.5.60: icmp: 10.0.0.2
listz> unreachable - need to frag (mtu 1418) [tos 0xc0]

listz> i'm wondering because i'm nat'ing the cipe internal addresses
listz> if when the destination machine sees the "10.0.0.2 unreachable
listz> - need to frag" it's just like "i don't care, i'm not talking to
listz> 10.0.0.2"

Hmm... NAT should work fine as long as it's set up right...

I haven't ever seen CIPE complain about MTU like that before. Sounds
like something is going on with your NAT setup, or something in
between. 

You might double-check your firewall (make sure type 3 icmp isn't being
denied) and your NAT rules.

kevin
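Added example, not part of the original message or of CIPE: a small Python check that reads tcpdump lines in the format quoted above, groups the ICMP "need to frag" messages, and flags a sender that keeps receiving the same MTU report. The function names, the 300-second window and the 40-byte header figure (IPv4 and TCP without options) are assumptions of this example.

```python
import re
from collections import defaultdict

# Old-style tcpdump text for ICMP type 3 code 4 (fragmentation needed).
FRAG_RE = re.compile(
    r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) (?P<router>\S+) > (?P<sender>\S+): icmp: "
    r"(?P<dest>\S+) unreachable - need to frag \(mtu (?P<mtu>\d+)\)"
)

# The two messages quoted in the post, each joined back onto one line.
SAMPLE = """\
14:24:13.887049 99.41.5.59 > 99.41.5.60: icmp: 10.0.0.2 unreachable - need to frag (mtu 1418) [tos 0xc0]
14:25:07.644738 99.41.5.59 > 99.41.5.60: icmp: 10.0.0.2 unreachable - need to frag (mtu 1418) [tos 0xc0]
"""

def seconds(ts):
    """Convert HH:MM:SS.ffffff to seconds since midnight (no day wrap handling)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def analyze(text, repeat_window=300.0):
    """Group frag-needed reports by (sender, original destination, MTU)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = FRAG_RE.search(line)
        if m:
            key = (m["sender"], m["dest"], int(m["mtu"]))
            groups[key].append((seconds(m["ts"]), m["router"]))
    findings = []
    for (sender, dest, mtu), hits in groups.items():
        times = sorted(t for t, _ in hits)
        findings.append({
            "sender": sender,   # host the ICMP error is addressed to
            "dest": dest,       # destination of the packet that was too big
            "mtu": mtu,
            "routers": sorted({r for _, r in hits}),
            "count": len(hits),
            # A repeat of the same MTU inside the window means the sender is
            # still emitting oversized don't-fragment packets to that destination.
            "sender_not_adapting": len(hits) > 1
                                   and times[-1] - times[0] <= repeat_window,
            # Largest TCP segment that fits: MTU minus 20-byte IPv4 and
            # 20-byte TCP headers (assumes no IP or TCP options).
            "max_tcp_mss": mtu - 40,
        })
    return findings
```

On the two quoted lines this yields one finding: 99.41.5.60 was told twice, about 54 seconds apart, that packets to 10.0.0.2 need an MTU of 1418, which corresponds to a TCP MSS of 1378.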
