[PATCH] fff-gateway: Send ICMP errors using inbound ifaddr

Fabian Bläse fabian at blaese.de
Sun Aug 2 19:55:02 CEST 2020


When using NATs and tunnels at the same time, the correct
source address has to be used so the ICMP errors are sent
through the NAT. This is necessary so the NAT can modify
the ICMP payload so it is correctly identified by the
destination host, which is required for PMTUD.

Fixes: #142
Signed-off-by: Fabian Bläse <fabian at blaese.de>
---
 .../fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
index 62bda1b..885afb7 100644
--- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
+++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
@@ -3,3 +3,6 @@ net.ipv4.conf.all.forwarding=1
 net.ipv4.ip_forward=1
 net.ipv6.conf.all.forwarding=1
 net.ipv6.conf.default.forwarding=1
+
+# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using far-away NAT
+net.ipv4.icmp_errors_use_inbound_ifaddr=1
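Review bot: The comment above `net.ipv4.icmp_errors_use_inbound_ifaddr=1` says "far-away NAT" without mentioning the tunnel case that the commit message gives as the reason, so a later reader of the sysctl file cannot tell why the setting matters here. Consider wording it along the lines of "source ICMP errors from the address of the interface the packet arrived on, so they return through the same tunnel and NAT". It is also worth documenting that this is a global IPv4 setting with no per-interface variant, and that the kernel falls back to the primary address of the first non-loopback interface when the inbound interface has no primary IPv4 address. Tunnel interfaces on the gateway therefore need an address of their own for the change to have the intended effect. The hunk adds nothing for IPv6 although the file enables IPv6 forwarding just above; a short remark on whether that is intentional would help.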
-- 
2.28.0


