From: Artyom Viklenko
Organization: Art&Co.
Date: Thu, 26 Jul 2007 09:09:21 +0300
To: Mihai Tanasescu
Cc: freebsd-net@freebsd.org
Subject: Re: MPD and fragmentation
List-Id: Networking and TCP/IP with FreeBSD

Mihai Tanasescu wrote:
> Hello,
>
>
> With help from another FreeBSD user on this list I was able to set up an
> MPD pptp server to allow windows machines to connect to it.
>
> Unfortunately now I've stumbled upon some strange behaviors.
>
> First of all I'm getting icmp losses even if I use a test LAN to make a
> tunnel to the local FBSD machine, but these don't seem to affect my
> transfer rate when trying to get a large file via HTTP from the same
> machine.
>
> What bothers me most is that some sites (like msn.com, microsoft.com,
> etc) don't seem to be loading.
> What I first thought about was the mss problem and so I discovered the
> following:
>
> 22:54:36.633254 IP (tos 0x0, ttl 64, id 14254, offset 0, flags [DF],
> proto: ICMP (1), length: 56) FBSD-IP > 207.68.183.32: ICMP FBSD-IP
> unreachable - need to frag (mtu 1336), length 36
>
> In my config file I have:
> set iface mtu 1500
> set link mtu 1440
> set iface enable tcpmssfix
>
> My full config is posted here:
> http://pastebin.com/m66a3c05f
> My system:
> FreeBSD 6.1-RELEASE-p17
> MPD 4.1
>
> I played a bit with the above mentioned values with no luck unfortunately.
> I'm still wondering (don't know if I'm right) if a too large packet
> comes from 207.68.183.32 why doesn't it get fragmented upon being sent
> via ng0 -> pptp1 and instead of this happening my machine sends an ICMP
> unreachable back.
> Also I have pf running on that machine with a NAT rule for traffic not
> destined to the local network (but after several experiments with that
> nothing changed in regard to the problem I have).
>
> I'm banging my head against the wall as I don't know what else to try
> anymore.
>
> Can someone help me out ?

If you use PF, try to add rule

    scrub in all fragment reassemble no-df

And VERY carefully check your ruleset. Maybe you block icmp in some place
and PMTU doesn't work.

As a last resort you can add max-mss to scrub rule. Maybe some value in
range of 1300-1460. Sometimes it helps.

--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org
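
The "need to frag" ICMP message quoted in the original post carries the MTU that the next hop can accept, which is the figure a max-mss clamp can be derived from. The following is an added example, not code from either poster or from MPD or pf: it scans constructed `tcpdump -v` lines modelled on the quoted one and builds a scrub rule in the form suggested in the reply, assuming IPv4 and TCP headers without options (40 bytes in total). The address 192.0.2.1 stands in for the redacted FBSD-IP, and the function names are hypothetical.

```python
import re

# Constructed sample input: tcpdump -v lines modelled on the one in the post.
# 192.0.2.1 replaces the redacted "FBSD-IP"; the last two lines are invented.
SAMPLE = """\
22:54:36.633254 IP (tos 0x0, ttl 64, id 14254, offset 0, flags [DF], proto: ICMP (1), length: 56) 192.0.2.1 > 207.68.183.32: ICMP 192.0.2.1 unreachable - need to frag (mtu 1336), length 36
22:54:37.101010 IP (tos 0x0, ttl 64, id 14255, offset 0, flags [none], proto: ICMP (1), length: 84) 192.0.2.1 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
22:54:38.200000 IP (tos 0x0, ttl 64, id 14256, offset 0, flags [DF], proto: ICMP (1), length: 56) 192.0.2.1 > 198.51.100.9: ICMP 192.0.2.1 unreachable - need to frag (mtu 1400), length 36
"""

IPV4_HDR = 20  # assumption: IPv4 header without options
TCP_HDR = 20   # assumption: TCP header without options

# sender > receiver: ICMP <host> unreachable - need to frag (mtu N)
NEED_FRAG = re.compile(
    r"(\S+) > (\S+): ICMP \S+ unreachable - need to frag \(mtu (\d+)\)"
)


def need_frag_events(text):
    """Return (icmp_sender, icmp_receiver, mtu) for each need-to-frag line."""
    return [(m.group(1), m.group(2), int(m.group(3)))
            for m in NEED_FRAG.finditer(text)]


def suggested_max_mss(text):
    """Smallest reported MTU minus IPv4 and TCP headers, or None if none seen."""
    mtus = [mtu for _, _, mtu in need_frag_events(text)]
    return min(mtus) - IPV4_HDR - TCP_HDR if mtus else None


def scrub_rule(text):
    """Build a pf scrub rule in the form given in the reply, or None."""
    mss = suggested_max_mss(text)
    if mss is None:
        return None
    return f"scrub in all fragment reassemble no-df max-mss {mss}"


if __name__ == "__main__":
    for sender, receiver, mtu in need_frag_events(SAMPLE):
        print(f"{sender} told {receiver}: next-hop MTU {mtu}")
    print(scrub_rule(SAMPLE))
```

If the capture shows these ICMP messages leaving the gateway while the remote sites still stall, the messages are probably being dropped somewhere on the path, which is the case the max-mss clamp works around.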