[PATCH] fff-gateway: Send ICMP errors using inbound ifaddr

Robert Langhammer rlanghammer at web.de
Sun Aug 2 20:59:01 CEST 2020


Reviewed-by: Robert Langhammer <rlanghammer at web.de>

On 02.08.20 at 19:55, Fabian Bläse wrote:
> When using NATs and tunnels at the same time, the correct
> source address has to be used so the ICMP errors are sent
> through the NAT. This is necessary so the NAT can modify
> the ICMP payload so it is correctly identified by the
> destination host, which is required for PMTUD.
>
> Fixes: #142
> Signed-off-by: Fabian Bläse <fabian at blaese.de>
> ---
>  .../fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf     | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> index 62bda1b..885afb7 100644
> --- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> +++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> @@ -3,3 +3,6 @@ net.ipv4.conf.all.forwarding=1
>  net.ipv4.ip_forward=1
>  net.ipv6.conf.all.forwarding=1
>  net.ipv6.conf.default.forwarding=1
> +
> +# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using far-away NAT
> +net.ipv4.icmp_errors_use_inbound_ifaddr=1
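
Review bot: the comment added above net.ipv4.icmp_errors_use_inbound_ifaddr=1 says only "far-away NAT" and does not state what the setting changes, so a later reader of 60-fff-gateway.conf cannot tell why it is there without the commit message. Suggest carrying the reasoning from the commit message into the comment: ICMP errors are sourced from the primary address of the interface the triggering packet arrived on, so they travel back through the NAT, which can then rewrite the ICMP payload for PMTUD. The key is global for IPv4 (no per-interface conf.<if> variant is set here), so it would also help to note that it applies to every interface on the gateway and that the kernel falls back to another interface's primary address when the inbound interface has none, in which case the error may not take the NAT path.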

