Firewall Wizards mailing list archives
Re: Transparent proxies and PMTUD on the (WWW) serverside
From: Carson Gaspar <carson () taltos org>
Date: Wed, 27 Aug 2003 20:49:08 -0400
--On Wednesday, August 27, 2003 8:44 AM -0400 Rick Murphy <rmurphy () mitretek org> wrote:
Again, why? The proxy should be slurping up bits from the client and passing them up to the server (and vice-versa). The underlying IP stack handles PMTUd. There's no reason for the proxy to need to know that the PMTUd is taking place. (Or for the client to need to know, for that matter.)
Bzzzzt. Not if you enable transparent (or other) proxying which maintains the original source address (as was specified in the original example). This is usually given as a requirement for web servers, or other services that "need" to know who their clients are, and get unhappy when every request is from their own firewall.
Of course, the definition of "proxy" becomes fuzzy. The same code that rewrites the outbound connection to fake it's source address needs to handle all relevant response packets, including (but not limited to) ICMP Would Fragment. Call it part of the proxy or not, it still needs to work correctly.
-- Carson _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Transparent proxies and PMTUD on the (WWW) server side Patrick M. Hausen (Aug 21)
- R: Transparent proxies and PMTUD on the (WWW) server side edp (Aug 26)
- Re: Transparent proxies and PMTUD on the (WWW) server side Mikael Olsson (Aug 26)
- Re: Transparent proxies and PMTUD on the (WWW) server side Patrick M. Hausen (Aug 26)
- Re: Transparent proxies and PMTUD on the (WWW) server side Mikael Olsson (Aug 26)
- Re: Transparent proxies and PMTUD on the (WWW) server side Patrick M. Hausen (Aug 26)
- Re: Transparent proxies and PMTUD on the (WWW) server side Carson Gaspar (Aug 26)
- Re: Transparent proxies and PMTUD on the (WWW) server side Marcus J. Ranum (Aug 26)
- Re: Transparent proxies and PMTUD on the (WWW) serverside Mikael Olsson (Aug 26)
- Re: Transparent proxies and PMTUD on the (WWW) serverside Carson Gaspar (Aug 27)
- Re: Transparent proxies and PMTUD on the (WWW) serverside Rick Murphy (Aug 27)
- Re: Transparent proxies and PMTUD on the (WWW) serverside Carson Gaspar (Aug 28)
- Re: Transparent proxies and PMTUD on the (WWW) serverside Rick Murphy (Aug 28)
- Re: Transparent proxies and PMTUD on the (WWW) server side Marcus J. Ranum (Aug 26)