Path MTU discovery not working with NAT and Proxy
Hello,
I am having trouble with path MTU discovery in my Linux network. Let me describe my setup.
Client <-GRE Tunnel-> DNAT box <-> Proxy <-> Web
Basically, here is what I am trying to do: I make an HTTP request to, say, slashdot.org on the client. The request goes through the GRE tunnel to the DNAT box, is transparently DNATed to the proxy server on port 8080, which serves the request. The Slashdot server sends back a response, which goes back through the proxy, to the DNAT box, and eventually to the client. Unfortunately the MTU of the client is less than that of the DNAT box or the proxy, and the don't-fragment flag is set, so the client sends an ICMP type 3 code 4 (destination unreachable, fragmentation needed) back, which reaches the DNAT box and is then dropped. I am not sure why this ICMP is not being sent back to the proxy. Can someone give me some insight as to why this might be happening and how it can be fixed? Let me know if I need to provide any additional information.
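To make the failure in the post concrete, here is an added example (not code from the poster) that builds an ICMP type 3 code 4 message the way the client would, then performs the step the DNAT box has to take before it can forward that message to the proxy: find the conntrack entry whose reply direction matches the quoted packet, and rewrite the quoted source from origin:80 back to proxy:8080. All addresses, ports and the 1400-byte MTU are constructed assumptions; the quoted header carries the post-NAT view the client sees, which is why a NAT that does not consult its connection table for this message has nothing to match and drops it.

```python
import socket
import struct

# All addresses, ports and MTU values below are constructed for the example.
CLIENT = "10.0.0.2"        # assumption: the client behind the GRE tunnel
ORIGIN = "203.0.113.10"    # assumption: the web server the client asked for
PROXY = "192.168.1.5"      # assumption: the transparent proxy on port 8080
CLIENT_MTU = 1400          # assumption: next-hop MTU the client reports


def checksum(data):
    """RFC 1071 ones-complement checksum, shared by IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, df=True):
    """Minimal 20-byte IPv4 header with a valid header checksum and DF set."""
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                           0x4000 if df else 0, 64, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return pack(checksum(pack(0)))


def build_frag_needed(quoted_ip_hdr, quoted_l4_first8, next_hop_mtu):
    """ICMP type 3 code 4: 8-byte header (type, code, checksum, unused, MTU)
    followed by the quoted IP header and the first 8 bytes of its payload."""
    body = quoted_ip_hdr + quoted_l4_first8
    csum = checksum(struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + body)
    return struct.pack("!BBHHH", 3, 4, csum, 0, next_hop_mtu) + body


def parse_frag_needed(pkt):
    """Return the next-hop MTU and the 5-tuple of the quoted (rejected) packet."""
    typ, code, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[:8])
    if (typ, code) != (3, 4):
        raise ValueError("not an ICMP fragmentation-needed message")
    if checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum")
    quoted = pkt[8:]
    ihl = (quoted[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {"mtu": mtu, "proto": quoted[9],
            "src": socket.inet_ntoa(quoted[12:16]), "sport": sport,
            "dst": socket.inet_ntoa(quoted[16:20]), "dport": dport}


def reverse_translate(icmp_pkt, nat_table):
    """What the DNAT box must do with an ICMP error related to a DNATed flow:
    look up the entry whose reply direction matches the quoted packet, rewrite
    the quoted source (origin:80 -> proxy:8080), fix the quoted IP checksum and
    the ICMP checksum, and return the new outer destination with the packet.
    None means no connection-table match, i.e. the message cannot be delivered."""
    info = parse_frag_needed(icmp_pkt)
    # The quoted packet is a reply, so its src/dst are the original flow's dst/src.
    key = (info["dst"], info["dport"], info["src"], info["sport"])
    if key not in nat_table:
        return None
    new_src, new_sport = nat_table[key]
    quoted = bytearray(icmp_pkt[8:])
    ihl = (quoted[0] & 0x0F) * 4
    quoted[12:16] = socket.inet_aton(new_src)
    quoted[ihl:ihl + 2] = struct.pack("!H", new_sport)
    quoted[10:12] = b"\x00\x00"
    quoted[10:12] = struct.pack("!H", checksum(bytes(quoted[:ihl])))
    # The TCP checksum sits beyond the 8 quoted payload bytes, so only the
    # quoted IP header checksum and the ICMP checksum need recomputing here.
    hdr = struct.pack("!BBHHH", 3, 4, 0, 0, info["mtu"])
    csum = checksum(hdr + bytes(quoted))
    return new_src, struct.pack("!BBHHH", 3, 4, csum, 0, info["mtu"]) + bytes(quoted)


def demo():
    """Walk one too-large reply through the client's ICMP and the DNAT box."""
    # Connection-table entry created when the client's request was DNATed:
    # original flow client:40000 -> origin:80 was redirected to proxy:8080.
    nat_table = {(CLIENT, 40000, ORIGIN, 80): (PROXY, 8080)}
    # The 1480-byte reply the client could not accept, as the client saw it
    # (source already translated back to origin:80, DF set).
    quoted_hdr = ipv4_header(ORIGIN, CLIENT, 6, 1480 - 20)
    quoted_l4 = struct.pack("!HHI", 80, 40000, 0x1000)   # TCP sport, dport, seq
    icmp = build_frag_needed(quoted_hdr, quoted_l4, CLIENT_MTU)
    translated = reverse_translate(icmp, nat_table)       # delivered to the proxy
    dropped = reverse_translate(icmp, {})                 # no entry: nothing to do
    return parse_frag_needed(icmp), translated, dropped


if __name__ == "__main__":
    info, translated, dropped = demo()
    print("client reports MTU", info["mtu"], "for", info["src"], "->", info["dst"])
    print("forward to", translated[0] if translated else None,
          "/ without table:", dropped)
```

On Linux the kernel's conntrack does this lookup for ICMP errors and classifies them as RELATED to the DNATed flow, so a useful check on the DNAT box is whether the forwarding rules accept RELATED traffic (`-m conntrack --ctstate RELATED,ESTABLISHED`) and whether the message is visible on the proxy-facing interface at all (`tcpdump -ni <iface> 'icmp[0] == 3 and icmp[1] == 4'`, interface name to be filled in).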