From owner-freebsd-net@FreeBSD.ORG Tue Jan 27 02:03:54 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8AC59106564A for ; Tue, 27 Jan 2009 02:03:54 +0000 (UTC) (envelope-from sandiegobiker@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.226]) by mx1.freebsd.org (Postfix) with ESMTP id 5E8C38FC14 for ; Tue, 27 Jan 2009 02:03:54 +0000 (UTC) (envelope-from sandiegobiker@gmail.com) Received: by rv-out-0506.google.com with SMTP id g9so1000482rvb.3 for ; Mon, 26 Jan 2009 18:03:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=GFYkJWXE+XnaHhxcvrcEKtScNUUXcP/2O7uHBLPvFk4=; b=hS3iFua1XvnUsyzVWO0oJcyvb7CT+rXCJBf1mLb9GWmZtVIQ6hiBLNpjlExZqzpvmT mve0yghHQg4/0bHHz/COitTaTfORlTUYqbGDPi/pUvanhJib8M6huWToVklLIOpkFyU2 Iits+4pQLqXPaNIt4vJ24uC76qhI+c/nImOE4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=iUViYqEJEe4VNxZyKi1RUkGLbIpHpfqKESOG4McBwa3ns1hq+HasmS4jFxf2ILb7hR pyn3w7tLa60ljJ/SkNJE/rba8a8y9nzL6fWrrakXLCpubQG6e9NdiRCrpXwyy4U+hjkv TlPno5udQqWvE73k4GVycrh+5iukUGn3XR1Lg= MIME-Version: 1.0 Received: by 10.141.203.7 with SMTP id f7mr169091rvq.125.1233021834078; Mon, 26 Jan 2009 18:03:54 -0800 (PST) In-Reply-To: <20090126164357.F90458@sola.nimnet.asn.au> References: <27cb3ada0901251009x7a96019am672f8bd42380df90@mail.gmail.com> <20090126164357.F90458@sola.nimnet.asn.au> Date: Mon, 26 Jan 2009 18:03:54 -0800 Message-ID: <27cb3ada0901261803h301c8cd4xbf5dafcde1f6ff7c@mail.gmail.com> From: Len Gross To: Ian Smith Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "freebsd-net@freebsd.org" Subject: Re: MTU or Fragmentation Problems on 7.0? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jan 2009 02:03:54 -0000 Ian, Thanks so much for taking the time to look at this problem. I do not have any firewall running on any of the machines, unless something "auto enables." The only rc.conf entries are ifconfig and routing. The thing that is most puzzling to me is that everything is fine on FreeBSD #2 even though it is "behind" a link with 1450 MTU. This sounds like it must be a "bug" on FreeBSD #2 (version 7.0) routing from the 1450 route to the 1500 route to FreeBSD 3. But if that were true, why would running a Web Proxy on FreeBSD #1 work? Some other data. I get the same problem if I replace FreeBSD 3 with a Windows box. I'm pretty sure I had similar behaviour with FreeBSD 6.3 as machine #2,, but it was ignored at the time. I've seen the problem with connections to two different ISPs. I can live with having a Web Proxy on FreeBSD # 1, but I am concerned that this issue will crop up someplace else. -- Len On Sun, Jan 25, 2009 at 9:51 PM, Ian Smith wrote: > On Sun, 25 Jan 2009, Len Gross wrote: > > The following configuration works fine _until_ I make a change in MTU > > setting on the link between FreeBSD1 and FreeBSD2 > > > > Internet > > | > > Router x.x.x.x > > 192.168.0.1/16 > > | > > FreeBSD #1 192.168.0.202 /16 > > 6.3 192.168.1.1/ 24 > > | > > FreeBSD #2 192.168.1.2/24 > > 7.0 192.168.1.5/24 > > | > > FreeBSD #3 192.168.5.2/24 > > 7.0 > > > > All connections are Ethernet. > > > > If I change the MTU on 192.168.1.1 to 1450 and the corresponding MTU > > on 192.168.1.2 to 1450, then Web Browsing on FreeBSD2 continues to > > work, BUT browsing on FreeBSD3 "fails" (mostly.) > > > > On FreeBSD 3 > > Ping and nslookup work fine from FreeBSD3 > > I can get to Google but virtually no other web sites > > Using tcpdump there is lots of unusual stuff, some relating to > > fragmentation ICMP? > > Do any of these machines have a firewall rule blocking ICMP? You want > to be sure at least icmptypes 3,11 are flowing freely to/from FreeBSD3, > as well as pings (icmptypes 0,8) which are apparently permitted. > > cheers, Ian > > > If I put a Web Proxy on FreeBSD 1, everything works fine. > > > > I have tried putting mtu = 1450 using route change on all the routes, > > but that didn't help. > > When I did this I verified all routes had 1450 mtu via netstat ?arW > > > > So I am unsure if this is a FreeBSD bug, a "internet" fragmentation issue or ??? > > Amongst the strangest things is that FreeBSD 2 is unaffected; Firefox > > runs fine there > > > > (There was a thread in October about mtu issues in 7.0 but it didn't > > seem to help my problem.) > > (I run 1450 MTU to support testing of an experimental protocol., but > > all the above is with straight out of the box FreeBSD.) > > > > -- Len >