fff-gateway: Send ICMP errors using inbound ifaddr

Submitted by Fabian Blaese on Aug. 2, 2020, 5:55 p.m.

Details

Message ID 20200802175502.451663-5-fabian@blaese.de
State Accepted

Commit Message

Fabian Blaese Aug. 2, 2020, 5:55 p.m.
When using NATs and tunnels at the same time, the correct
source address has to be used so the ICMP errors are sent
through the NAT. This is necessary so the NAT can modify
the ICMP payload so it is correctly identified by the
destination host, which is required for PMTUD.

Fixes: #142
Signed-off-by: Fabian Bläse <fabian@blaese.de>
---
 .../fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf     | 3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
index 62bda1b..885afb7 100644
--- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
+++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
@@ -3,3 +3,6 @@  net.ipv4.conf.all.forwarding=1
 net.ipv4.ip_forward=1
 net.ipv6.conf.all.forwarding=1
 net.ipv6.conf.default.forwarding=1
+
+# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using far-away NAT
+net.ipv4.icmp_errors_use_inbound_ifaddr=1
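Review bot: the comment added above net.ipv4.icmp_errors_use_inbound_ifaddr=1 does not mention the kernel's fallback for this sysctl: when the interface that received the offending packet has no primary IPv4 address, the primary address of the first non-loopback interface that has one is used regardless of the setting. Since the fix depends on the ICMP error carrying the inbound interface's address, consider stating in the comment that the inbound interfaces need an IPv4 address for this to take effect, and referencing #142 there. The key is also global and IPv4-only, so it changes the source address of ICMP errors for every interface on the gateway; a sentence on that in the commit message would help later readers.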

Comments

Christian Dresel Aug. 2, 2020, 6:25 p.m.
Reviewed-by: Christian Dresel <fff@chrisi01.de>

On 02.08.20 19:55, Fabian Bläse wrote:
> When using NATs and tunnels at the same time, the correct
> source address has to be used so the ICMP errors are sent
> through the NAT. This is necessary so the NAT can modify
> the ICMP payload so it is correctly identified by the
> destination host, which is required for PMTUD.
> 
> Fixes: #142
> Signed-off-by: Fabian Bläse <fabian@blaese.de>
> ---
>  .../fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf     | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> index 62bda1b..885afb7 100644
> --- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> +++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> @@ -3,3 +3,6 @@ net.ipv4.conf.all.forwarding=1
>  net.ipv4.ip_forward=1
>  net.ipv6.conf.all.forwarding=1
>  net.ipv6.conf.default.forwarding=1
> +
> +# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using far-away NAT
> +net.ipv4.icmp_errors_use_inbound_ifaddr=1
>
Robert Langhammer Aug. 2, 2020, 6:59 p.m.
Reviewed-by: Robert Langhammer <rlanghammer@web.de>

On 02.08.20 at 19:55, Fabian Bläse wrote:
> When using NATs and tunnels at the same time, the correct
> source address has to be used so the ICMP errors are sent
> through the NAT. This is necessary so the NAT can modify
> the ICMP payload so it is correctly identified by the
> destination host, which is required for PMTUD.
>
> Fixes: #142
> Signed-off-by: Fabian Bläse <fabian@blaese.de>
> ---
>  .../fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf     | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> index 62bda1b..885afb7 100644
> --- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> +++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> @@ -3,3 +3,6 @@ net.ipv4.conf.all.forwarding=1
>  net.ipv4.ip_forward=1
>  net.ipv6.conf.all.forwarding=1
>  net.ipv6.conf.default.forwarding=1
> +
> +# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using far-away NAT
> +net.ipv4.icmp_errors_use_inbound_ifaddr=1
Adrian Schmutzler Sept. 15, 2020, 11:03 a.m.
Merged.

> -----Original Message-----
> From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On Behalf
> Of Fabian Bläse
> Sent: Sunday, 2 August 2020 19:55
> To: franken-dev@freifunk.net
> Subject: [PATCH] fff-gateway: Send ICMP errors using inbound ifaddr
> 
> When using NATs and tunnels at the same time, the correct source address
> has to be used so the ICMP errors are sent through the NAT. This is necessary
> so the NAT can modify the ICMP payload so it is correctly identified by the
> destination host, which is required for PMTUD.
> 
> Fixes: #142
> Signed-off-by: Fabian Bläse <fabian@blaese.de>
> ---
>  .../fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf     | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-
> gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-
> gateway.conf
> index 62bda1b..885afb7 100644
> --- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> +++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.con
> +++ f
> @@ -3,3 +3,6 @@ net.ipv4.conf.all.forwarding=1
>  net.ipv4.ip_forward=1
>  net.ipv6.conf.all.forwarding=1
>  net.ipv6.conf.default.forwarding=1
> +
> +# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using
> +far-away NAT
> +net.ipv4.icmp_errors_use_inbound_ifaddr=1
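Review bot: this quoted copy has been line-wrapped by the mail client and should not be used as the source for applying the change. The "+++ b/..." file header is split so that its final "f" sits on a separate "+++ f" line, and the added comment is broken so that "+far-away NAT" would land in the sysctl file as its own line without a leading "#". Apply from the original submission (Message ID 20200802175502.451663-5-fabian@blaese.de) instead.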
> --
> 2.28.0