[PATCH] fff-gateway: Send ICMP errors using inbound ifaddr

[Adrian Schmutzler]

Merged.

> -----Original Message-----
> From: franken-dev [mailto:franken-dev-bounces at freifunk.net] On Behalf
> Of Fabian Bläse
> Sent: Sonntag, 2. August 2020 19:55
> To: franken-dev at freifunk.net
> Subject: [PATCH] fff-gateway: Send ICMP errors using inbound ifaddr
> 
> When using NATs and tunnels at the same time, the correct source address
> has to be used so the ICMP errors is sent through the NAT. This is necessary
> so the NAT can modify the ICMP payload so it is correctly identified by the
> destination host, which is required for PMTUD
> 
> Fixes: #142
> Signed-off-by: Fabian Bläse <fabian at blaese.de>
> ---
>  .../fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf     | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-
> gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-
> gateway.conf
> index 62bda1b..885afb7 100644
> --- a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.conf
> +++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-gateway.con
> +++ f
> @@ -3,3 +3,6 @@ net.ipv4.conf.all.forwarding=1
>  net.ipv4.ip_forward=1
>  net.ipv6.conf.all.forwarding=1
>  net.ipv6.conf.default.forwarding=1
> +
> +# Use inbound ifaddr for icmp errors to ensure correct PMTUD when using
> +far-away NAT
> +net.ipv4.icmp_errors_use_inbound_ifaddr=1
> --
> 2.28.0
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : openpgp-digital-signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 834 bytes
Beschreibung: nicht verfügbar
URL         : <https://lists.freifunk.net/pipermail/franken-dev-freifunk.net/attachments/20200915/c797d1d1/attachment.sig>