From: Nikos Vassiliadis
To: freebsd-questions@freebsd.org
Cc: Arnold Lee
Date: Wed, 12 Apr 2006 15:35:18 +0300
Subject: Re: problem with ipfilter(ipnat)
Message-Id: <200604121535.19042.nvass@teledomenet.gr>
In-Reply-To: <20060412083426.89543.qmail@web15810.mail.cnb.yahoo.com>

On Wednesday 12 April 2006 11:34, Arnold Lee wrote:
> I am in a small lan and want to use fb 6.0 as a router to share internet
> access. I use mpd 3.18 to dial adsl on demand. I configured ipnat with :
> map rl0 10.0.0.0/8 -> 0.0.0.0/32 portmap tcp/udp auto
> map rl0 10.0.0.0/8 -> 0.0.0.0/32
> And then I use my client computer (windows 2000 Pro) to access internet, it
> seems ok, but soon I realize that there are some websites I can not access!
> For example, www.chinaunix.net is inaccessible! So are some ftp sites such
> as ftp.freebsd.org. It must be a problem of the FB6 box, because if I
> access internet directly from the win2000 box, all those sites above are ok!
> What is wrong? By the way, I do not use ipfirewall and other firewall, and
> in rc.conf, I wrote "ipfilter_enable = NO, ipnat_enable= YES". Can you help
> me?

I can try.

It might be a PMTU problem. A quick way of testing PMTU related problems
is setting a small (below 1400) MTU on your nic. If you have another
Unix-like OS on your lan (besides your router) you can try a smaller MTU
like this "ifconfig nic mtu 1000" and see what's going on. If you don't
have another Unix-like OS, go to step 2 (Windows can also change MTU size
but the procedure is not that simple, google for it if you want it).

2) I recall that I have seen something related in ipf. It's here:
http://www.netbsd.org/Documentation/network/pppoe/#clamping
A quick search in man 5 ipf.conf for "clamp" returned no results, but
that's the case for NetBSD man as well. I guess it is not documented
in the manual. Try it.

There is also ng_tcpmss(4), which does the job and is what I have used
in the past with success.

There are other solutions too (an mpd option, is it working? a daemon
(tcpmssd)) but I am not familiar with...

HTH
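
What the MSS clamping mentioned in the reply does to a packet, as an added example that is not part of the original message and is not code from ipf, ng_tcpmss or tcpmssd: the router lowers the MSS option in TCP SYN segments so that neither end sends segments too large for the ADSL link, which sidesteps broken PMTU discovery. The function names, the sample addresses and the 1452 limit (an assumed 1492-byte PPPoE MTU minus 40 bytes of IPv4 and TCP headers) are assumptions.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (ones' complement of the ones' complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: bytes, dst: bytes, seg: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus segment (checksum field zeroed)."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    return checksum(pseudo + seg[:16] + b"\x00\x00" + seg[18:])

def clamp_mss(src: bytes, dst: bytes, seg: bytes, max_mss: int) -> bytes:
    """Lower the MSS option of a SYN segment to max_mss; other segments pass unchanged."""
    if len(seg) < 20 or not seg[13] & 0x02:        # too short, or SYN flag not set
        return seg
    hdr_len = (seg[12] >> 4) * 4                   # data offset, in bytes
    if hdr_len < 20 or hdr_len > len(seg):
        return seg                                 # malformed data offset
    i = 20
    while i < hdr_len:
        kind = seg[i]
        if kind == 0:                              # end of option list
            break
        if kind == 1:                              # NOP is a single byte
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            break                                  # truncated or bogus option length
        if kind == 2 and seg[i + 1] == 4:          # MSS option: kind 2, length 4
            if struct.unpack("!H", seg[i + 2:i + 4])[0] > max_mss:
                out = bytearray(seg)
                out[i + 2:i + 4] = struct.pack("!H", max_mss)
                out[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(out)))
                return bytes(out)
            break
        i += seg[i + 1]
    return seg

# Constructed sample: SYN from a LAN host advertising MSS 1460 (Ethernet MTU 1500).
SRC, DST = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 80])
_syn = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
_syn += bytes([2, 4]) + struct.pack("!H", 1460)
SYN = _syn[:16] + struct.pack("!H", tcp_checksum(SRC, DST, _syn)) + _syn[18:]
CLAMPED = clamp_mss(SRC, DST, SYN, 1452)   # 1452 = assumed 1492-byte PPPoE MTU - 40
```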