Michael wrote:

> If I understand this correctly, it is not up to my gateway to send these
> packets either. I did a heap of reading on the subject and apparently the
> router that is incapable of accepting or forwarding a given packet (for
> size) should drop the packet and send the ICMP unreachable packet. My
> gateway *can't* be the cause according to this because it never
> receives these data packets back and can receive 1460 byte packets
> from elsewhere. Perhaps there is something I am missing?
> I really appreciate your help with this, and I'd really like to know how
> you're determining where this problem is.

First thoughts - you are right in some ways. If the server tries to send
you an "oversized" packet then it should be the BRA that terminates the
far end of your pppoe that should be sending the icmp frag needed, not
any of your kit.

I am not so sure about receiving 1460 byte packets from elsewhere - 1460
is just the mss advertised = 1500 byte ip packet. It doesn't mean that
you ever get packets that size.

You are wrong in some ways by dismissing setting mtu on lan machine to
1492 - this is the sort of thing you need to do to get pppoe to work
properly. PPPoE clients will often mss clamp tcp for you - you could do
the same with iptables if you really didn't want to alter lan machines.

Just because it worked with your provider server on bras doesn't mean
you can get away with not sorting your own mss/mtu. You can't rely on
other internet networks ever getting icmp frag needed - even if bras/bra
sends them properly.

I don't claim to have covered every possibility of what's going on here,
but if you want things to work for all sites irrespective of whether
they are broken for pmtu then you need to sort your end of things and
not rely on icmp.
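
An added illustration, not part of the original message: a Python sketch of what an MSS clamp (for example the iptables TCPMSS target) does to a TCP SYN crossing a 1492-byte PPPoE link, so that the endpoints never depend on ICMP frag needed arriving. The function names and the sample SYN are constructed for this example; it assumes IPv4 with 20-byte IP and TCP headers.

```python
import struct

PPPOE_MTU = 1492      # MTU the reply suggests for a PPPoE link
IP_TCP_HEADERS = 40   # assumption: 20-byte IPv4 header + 20-byte TCP header

def build_syn(mss):
    """Constructed sample: 24-byte TCP SYN header with a single MSS option."""
    # sport, dport, seq, ack, data offset (6 words) + SYN flag, window, csum, urgent
    hdr = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (6 << 12) | 0x002, 65535, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss)   # option kind 2 = MSS, length 4

def read_mss(tcp):
    """Walk the TCP options; return (offset_of_value, mss) or None."""
    end = (tcp[12] >> 4) * 4          # header length from the data offset field
    i = 20
    while i < end:
        kind = tcp[i]
        if kind == 0:                 # end of option list
            break
        if kind == 1:                 # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end:
            break
        length = tcp[i + 1]
        if length < 2 or i + length > end:   # malformed option: stop parsing
            break
        if kind == 2 and length == 4:
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += length
    return None

def clamp_mss(tcp, link_mtu=PPPOE_MTU):
    """Lower the MSS in a SYN to fit link_mtu; never raise it."""
    limit = link_mtu - IP_TCP_HEADERS
    found = read_mss(tcp)
    if not (tcp[13] & 0x02) or found is None or found[1] <= limit:
        return tcp                    # not a SYN, no MSS option, or already small enough
    off, old = found
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, limit)
    # Incremental checksum update (RFC 1624): HC' = ~(~HC + ~m + m')
    csum = struct.unpack_from("!H", out, 16)[0]
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + limit
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    struct.pack_into("!H", out, 16, ~s & 0xFFFF)
    return bytes(out)
```

A SYN advertising 1460 leaves the clamp advertising 1452 (1492 minus 40), while one already advertising a smaller value passes through unchanged.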