Centos – Problem with path MTU discovery over pppd

Tags: centos, dsl, networking, ppp

I'm having an issue with pppd doing PPPoE on CentOS 6.3.

The CentOS system is a dedicated router/gateway which performs NAT (both directions) and various packet filtering. It has separate NICs for the LAN and Internet side, eth0 and eth1, respectively.

On the Internet side is a DSL modem. The modem likes doing everything itself, including NAT. In order to prevent it from doing so I have to give it invalid account info and then implement PPPoE on the CentOS system.

I had a problem when doing PPPoE on the CentOS system with Internet connectivity being very flaky. Clients could access some sites and not others, some web pages would half-load and then always stop at the same position, and TCP connections would often reset.

I've isolated this down to an MTU issue. I can get any given client system (all Windows) on the LAN side working fine by reducing its MTU down to 1492 from the standard 1500.

On the other hand, if I allow the modem to do PPPoE and NAT, enable IP and the DHCP client on eth1, and set my IP filtering script to route to eth1 instead of ppp0, clients work fine with their MTU set to 1500. (The problem with this config is that double NAT can impact performance and makes inbound connection routing trickier.)

Ping testing (with DF) reveals that the Internet-bound MTU is actually still limited to 1492, even though the clients don't need to be set as such.

It therefore seems that clients are normally doing path MTU discovery but that pppd (or perhaps NetFilter) is somehow getting in the way of it.

I normally have NetFilter (iptables) on the CentOS system set to drop all INPUT and OUTPUT traffic (since the system's only job is forwarding). I tried temporarily changing these policies to ACCEPT, in case path MTU discovery was depending on ICMP errors from it, but the problem remained.

I'm not at all experienced in PPPoE and am hoping someone might be able to point me in the right direction. Thanks!

Best Answer

First, PMTUd does require ICMP to be forwarded to the machine that sent the traffic. But if you allow RELATED,ESTABLISHED the required ICMP will be let through. And NAT with connection tracking will get it back to the right machine.

You're likely looking for this magic iptables line, though:

iptables -t mangle -I FORWARD -p tcp --tcp-flags SYN,RST SYN -o ppp0 -j TCPMSS --set-mss 1452 # MTU-40 for IPv4
# TCPMSS only acts on SYN packets, so iptables requires the --tcp-flags SYN,RST SYN match
# use the correct outbound interface in place of ppp0

Likely, your router does that automatically.
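The MSS clamp from the answer, worked into a small POSIX sh script (an added example, not the answerer's own code): it derives the MSS from the PPP link MTU instead of hard-coding 1452, inserts the rule only if it is not already present, and adds the RELATED,ESTABLISHED rule that lets the ICMP "fragmentation needed" replies through. The interface name ppp0 and the 1492 fallback are assumptions taken from the question.

```shell
#!/bin/sh
# Added example (not from the original answer): derive the TCP MSS clamp value
# from a PPPoE link MTU and build the iptables rules the answer describes.
# Assumptions: the outbound interface is ppp0 and its MTU can be read from
# /sys/class/net; the 1492 fallback is the PPPoE MTU named in the question.

# mss_for_mtu MTU FAMILY -> prints the MSS that fits one packet on the link.
# IPv4: 20-byte IP header + 20-byte TCP header = 40; IPv6: 40 + 20 = 60.
mss_for_mtu() {
    mtu=$1
    family=${2:-4}
    case "$family" in
        4) echo $((mtu - 40)) ;;
        6) echo $((mtu - 60)) ;;
        *) echo "unknown address family: $family" >&2; return 1 ;;
    esac
}

# link_mtu IFACE -> prints the interface MTU, falling back to 1492 (typical PPPoE).
link_mtu() {
    iface=$1
    if [ -r "/sys/class/net/$iface/mtu" ]; then
        cat "/sys/class/net/$iface/mtu"
    else
        echo 1492
    fi
}

# clamp_rule IFACE MSS -> prints the iptables mangle rule without running it.
clamp_rule() {
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o $1 -j TCPMSS --set-mss $2"
}

# apply_clamp IFACE: append the clamp only if it is not already present (-C),
# so the script can be re-run from an ifup hook without duplicating rules.
apply_clamp() {
    iface=$1
    mss=$(mss_for_mtu "$(link_mtu "$iface")" 4)
    if ! iptables -t mangle -C FORWARD -p tcp --tcp-flags SYN,RST SYN -o "$iface" -j TCPMSS --set-mss "$mss" 2>/dev/null; then
        iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o "$iface" -j TCPMSS --set-mss "$mss"
    fi
    # PMTUD also needs the ICMP "fragmentation needed" replies let back through.
    iptables -C FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null ||
        iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
}

if [ "${1:-}" = "--apply" ]; then apply_clamp "${2:-ppp0}"; fi
```

Run it as `sh clamp.sh --apply ppp0` (as root) after the PPP link is up, or call `clamp_rule ppp0 "$(mss_for_mtu 1492 4)"` to just see the rule it would add.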
