On Tue, May 28, 2024 at 09:09:20PM +0200, Marco Moock wrote: > Am 28.05.2024 um 18:48:38 Uhr schrieb Peter: > > > On Tue, May 28, 2024 at 12:25:03PM +0200, Marco Moock wrote: > > > > > Now we add an IPv6 address for 'myhost'. But portforwarding > > > > doesn't work for IPv6. Instead we are required to use different > > > > addresses all over, like so: > > > > > > port forwarding would work, but is nasty here. Redirectors like rinetd > > > can handle that, but I recommend against in this case. > > > > I tried it, and didn't get around the Path MTU discovery: Forward SNMP > > to one host, HTTP to another - which one then gets the ICMPv6 2.0 > > "message too big"? > > rinetd manages 2 separate connections and should work with PMTUD.
I'm wondering how it would. The connections are TCP, the PMTU works via ICMP6. So I would assume, the ICMP "packet too big" message reaches the host where rinetd runs, is swallowed by the kernel, and the kernel sets the MTU in it's hostcache. Or something along that line. The TCP traffic however gets forwarded by rinetd to the internal appserver(s) - which never get the message that they should reduce their MTU. > Did you use that or another way? I didn't find that one. I tried two other tools for connection forwarding, they were unsatisfactory. And then I did things with NPTv6 (which is fun). With NPTv6 I can forward the ICMP alongside with the connection traffic, and that works - but obviousely to only *one* internal host. > PS: I still recommend pointing to the machines that host the stuff > instead of having a middlebox that might create additional headache > like improper logging, performance issues. :-) Absolutely, in any regular business scenario where proper connectivity is mandatory. But this here is my fancy evaluation site where I can do all kinds of things that are too ambitioned (or too crazy) for regular sites. ;) Like routing stuff half around the world for no reason, Or running clockwork-orange... yeah, this is clockwork orange: https://dnsviz.net/d/icall.icu/dnssec/ High availability, continuous rollover, changes keys every 4 days - but then, too obese for normal operations. Anyway, mine is the longest. :) Okay, enough of the nonsense. Occasionally I just feel the need to modestly ask how people would normally solve a task, before I start hacking something crazy... Cheerio & greetings, PMc P.S. I edited the quote-symbol for You. Hope I'll remember. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
