Date: Sun, 26 Aug 2007 07:42:35 -0400
From: Bill Moran
To: MIZ0
Cc: freebsd-questions@freebsd.org
Subject: Re: TCP packets don't flow from external hosts to WinVista clients behind

MIZ0 wrote:
>
> > Could be TCP window scaling. See
> > http://en.wikipedia.org/wiki/TCP_window_scale_option
> > Or the plain old PMTUD problem described in
> > http://www.cisco.com/en/US/tech/tk870/tk877/tk880/technologies_tech_note09186a008011a218.shtml#backinfo
> >
> > =Adriaan=
>
> Nothing helps.
> I've tried to change client's mtu, even shrank packets with ng_tcpmss
> - no effect.
> I don't understand why freebsd machines from internal network can't
> establish any TCP connection to external net too.

Sounds to me like you need to carefully go over your network setup.
Have you verified that the problem machines correctly have all the
information they need: proper netmasks, routers, etc?

Run tcpdump on both interfaces of the gateway and see if that provides
any hint.

I have a strong suspicion that you're looking in the wrong place --
otherwise you would have found the problem. Are there two DHCP servers
on this network? Wouldn't be the first time I saw that problem mess
with someone's head.

With the information you've provided so far, we're guessing in the dark.
I doubt that ipfw is the culprit, but it's going to take more information
to be sure.

> Can ipfw or netgraph detect client's OS type and allow only Windows XP ? =))

Potentially, but I can't see it doing that by accident.

-- 
Bill Moran
http://www.potentialtech.com