MTU bug
-
Hi all,
if this is the wrong place to post a bug that i've found, i apologize.
I changed my MTU to 1472 because i thought that was the correct mtu setting for my cable internet (comcast).
I realized that i was wrong and i should've left it at the default 1500.
Upon attempting to reset the mtu size back to 1500, nothing changes.
I've attempted to reset it via the gui several times, even after reboots but the gui still reads 1472.
-
@jc1976 So you're saying you cleared the MTU setting under your WAN interface and when you check it still shows up as 1472
My set up is below
-
@michmoor i didn't clear it, i just typed 1500 in the space and hit save, and every time i went back to the page it said 1472.
when i get home, i'll try clearing and saving as you did, to see if that returns it to 1500.
Thanks!
-
@jc1976 Hey sorry for not getting back sooner.. was away for a while and just remembered..
Anyway, no dice on the mtu settings. i released my wan ip, blanked out the MTU box.. still comes back as 1472.
rebooted the box, same thing.. it's as if the "save" button at the bottom isn't working.. clicked on it several times but that didn't change anything.
-
If you're using DHCP, then the MTU will be set automagically to whatever the ISP sets it to.
-
@jknott certainly possible but the OP stated he changed his MTU so I assume it was once at 1500
Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise -
so I assume it was once at 1500
But maybe it wasn't.
If the MTU setting has been removed entirely from pfSense I would recommend power cycling the firewall completely. Some NICs will retain settings across a reboot.
Steve
-
@jknott certainly possible but the OP stated he changed his MTU so I assume it was once at 1500
The question becomes whether the DHCP client overrides a manual config. Normally, you don't set MTU with DHCP. Perhaps he could set the MTU before connecting and see if it retains the setting after.
-
Another thing he could do is run Packet Capture to see if DHCP option 26 is used and what value it is.
-
Yeah it would be very unusual to see that set.
-
My internet connection is typical cable provided by comcast/xfinity so yes, it's dhcp.
when i adjusted the mtu, i arrived at 1472 by plugging my laptop directly into the modem and running the commands until it stopped fragmenting, and then i used that number input the mtu size in pfsense, so i was able to adjust it.
i've rebooted the firewall a few times, so it's definitely locked to that number where rebooting wouldn't solve the problem.
seems like for me to correct the setting i'd have to manually edit a config file.
-
But did you fully power cycle it? Like actually remove the power rather than just reboot?
On many devices the NICs remain powered across a reboot and will retain their state.
-
when i adjusted the mtu, i arrived at 1472 by plugging my laptop directly into the modem and running the commands until it stopped fragmenting, and then i used that number input the mtu size in pfsense, so i was able to adjust it.
On the WAN interface, you have to use the MTU your ISP uses. Otherwise, some frames may be discarded. Do you know where the fragmenting is happening? It could be anywhere between you and the destination. You can determine that by looking at the source address of the ICMP messages. Fragmentation is the mechanism to get around the different MTUs and is entirely normal, though these days Path MTU Detection is often used and is mandatory with IPv6. Also, what was fragmenting? On Linux PMTUD is generally used for everything and with TCP on Windows.
-
@stephenw10 yes, fully powered off. changed the setting, shut the pfsense box off, turned off the modem, and went away for the weekend. Still hangs onto 1472.
-
@jknott that i don't know.
I arrived at 1472 by plugging my win10 laptop directly into the modem and pinging with the flag set at whatever it was and working my way down until it stopped fragmenting. i didn't realize that the 28bits for the header were to be added onto the mtu size once the fragmentation limit was found. it's all fine, works great without any issue. just thought you'd all like to know about my experience.
