From: Oleg Tarasov
Date: Tue, 27 Dec 2005 17:55:19 +0200
To: Gleb Smirnoff
Cc: freebsd-net@FreeBSD.org
Subject: Re: Router on 6.0-stable fails to route tcp packets due to NAT?? malfunction

Hello,

Gleb Smirnoff wrote:

> The problem is that you've got a PPPoE link between local net and internet.
> (internet cloud, MTU 1500)-(your ISP)-[mtu 1492]-(your server)-[mtu 1500]-(your clients).
> So, when your Windows create a new outgoing connection they set TCP MSS
> value to 1460, since they don't know about a 1492 MTU link on the way.
> And this link limits TCP MSS to 1452.
> There are numerous solutions to fix this:
> 1) ports/net/tcpmssd - a divert daemon, like natd. You need to divert
>    traffic thru it, and it will alter the TCP MSS value to set limit.
> 2) ng_tcpmss(4) - a netgraph node, implementing same code in kernel.
>    You usually need ng_ipfw(4) to divert traffic via ng_tcpmss(4)
> 3) Recently I have committed ng_tcpmss support into mpd, but this
>    code is not yet included into any new release. If you are brave,
>    you can checkout mpd from CVS and use it. It will configure ng_tcpmss
>    node automatically.

I have analysed the problem further and came to the conclusion that my ISP's server is blocking ICMP type 3 packets, which leads to the malfunction.

I have the latest version of ported mpd (3.18_3) installed and tried to insert

    set iface enable tcpmssfix

but with no positive result, although I understand that this option should help in this situation. Can you possibly tell me what I am doing wrong?

I'll say again that setting the MTU on the client machine to 1492 helps.

What can be the reason for the tcpmssfix option not working? Maybe there should be an additional kernel module loaded? I didn't find any words mentioning usage of tcpmssfix in mpd's log file.

--
Best regards,
Oleg Tarasov
mailto:subscriber@osk.com.ua
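The MSS rewrite that the quoted reply attributes to tcpmssd and ng_tcpmss(4), as an added C sketch that is not part of the original messages and not code from either project: it walks the TCP options of a SYN, lowers an MSS above MTU minus 40 and patches the checksum incrementally. The names `clamp_mss`, `inet_cksum` and `demo` are hypothetical, the sample SYN is constructed, and IPv4 without IP options is assumed; the pseudo-header is left out because the incremental update does not depend on it.

```c
#include <stdint.h>
#include <string.h>

/* Internet checksum over an even-length buffer; 0 means the stored one is valid. */
uint16_t inet_cksum(const uint8_t *p, size_t len)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2) s += (uint32_t)p[i] << 8 | p[i + 1];
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Clamp the MSS option of a TCP SYN in place to mtu - 40 (IPv4 + TCP headers).
 * Returns the MSS now carried, 0 if not a SYN or no MSS option, -1 if malformed. */
int clamp_mss(uint8_t *tcp, size_t len, uint16_t mtu)
{
    size_t hlen = len < 20 ? 0 : (size_t)(tcp[12] >> 4) * 4, i = 20;
    if (hlen < 20 || hlen > len || mtu <= 40) return -1;
    if (!(tcp[13] & 0x02)) return 0;              /* MSS is only sent on SYNs */
    while (i < hlen && tcp[i] != 0) {             /* kind 0: end of options */
        if (tcp[i] == 1) { i++; continue; }       /* kind 1: NOP, no length byte */
        if (i + 1 >= hlen || tcp[i + 1] < 2 || i + tcp[i + 1] > hlen) return -1;
        if (tcp[i] == 2 && tcp[i + 1] == 4) {     /* kind 2: MSS */
            uint16_t o = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]), n = (uint16_t)(mtu - 40);
            if (o <= n) return o;                 /* already small enough */
            tcp[i + 2] = (uint8_t)(n >> 8); tcp[i + 3] = (uint8_t)n;
            /* RFC 1624: HC' = ~(~HC + ~m + m'); at an odd offset m, m' are byte-swapped */
            if ((i + 2) & 1) { o = (uint16_t)(o << 8 | o >> 8); n = (uint16_t)(n << 8 | n >> 8); }
            uint32_t s = (uint32_t)(uint16_t)~(tcp[16] << 8 | tcp[17]) + (uint16_t)~o + n;
            while (s >> 16) s = (s & 0xffff) + (s >> 16);
            tcp[16] = (uint8_t)(~s >> 8); tcp[17] = (uint8_t)~s;
            return mtu - 40;
        }
        i += tcp[i + 1];
    }
    return 0;
}

/* Constructed sample: a SYN advertising MSS 1460 (lead_nop = 1 misaligns the option). */
int demo(uint16_t mtu, int lead_nop)
{
    uint8_t seg[28] = {0xc0, 0, 0, 0x50, [12] = 0x70, 0x02, 0xff, 0xff, [20] = 1,1,1,1,1,1,1,1};
    memcpy(seg + 20 + lead_nop, "\x02\x04\x05\xb4", 4);
    uint16_t ck = inet_cksum(seg, sizeof seg);
    seg[16] = (uint8_t)(ck >> 8); seg[17] = (uint8_t)ck;
    int mss = clamp_mss(seg, sizeof seg, mtu);
    return inet_cksum(seg, sizeof seg) == 0 ? mss : -2;   /* -2: checksum broken */
}
int main(void) { return demo(1492, 0) == 1452 ? 0 : 1; }
```

Because the clamp only touches SYN segments, it sidesteps path MTU discovery entirely, which is why it still works when ICMP type 3 messages are filtered upstream.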