From: mich.admin@mail.ru
To: Bill Moran
Cc: freebsd-questions@freebsd.org
Date: Sun, 26 Aug 2007 23:46:20 +0400
Subject: Re: TCP packets don't flow from external hosts to WinVista clients behind
In-Reply-To: <20070826074235.c1c06383.wmoran@potentialtech.com>
References: <20070826074235.c1c06383.wmoran@potentialtech.com>

> > MIZ0 wrote:
> >
> > > Could be TCP window scaling. See
> > > http://en.wikipedia.org/wiki/TCP_window_scale_option
> > > Or the plain old PMTUD problem described in
> > > http://www.cisco.com/en/US/tech/tk870/tk877/tk880/technologies_tech_note09186a008011a218.shtml#backinfo
> > >
> > > =Adriaan=
> >
> > Nothing helps.
> > I've tried to change client's MTU, even shrunk packets with ng_tcpmss
> > - no effect.
> > I don't understand why freebsd machines from internal network can't
> > establish any TCP connection to external net too.
>
> Sounds to me like you need to carefully go over your network setup. Have
> you verified that the problem machines correctly have all the information
> they need: proper netmasks, routers, etc? Run tcpdump on both
> interfaces of the gateway and see if that provides any hint.
>
> I have a strong suspicion that you're looking in the wrong place --
> otherwise you would have found the problem. Are there two DHCP servers
> on this network? Wouldn't be the first time I saw that problem mess with
> someone's head.
>
> With the information you've provided so far, we're guessing in the dark.
> I doubt that ipfw is the culprit, but it's going to take more information
> to be sure.
>
> > Can ipfw or netgraph detect client's OS type and allow only Windows XP ? =))
>
> Potentially, but I can't see it doing that by accident.
>
> --
> Bill Moran
> http://www.potentialtech.com

Network settings are OK, there is no DHCP server in my net.

Router's interfaces.

rl0 (ISP):
flags=8843 mtu 1500
options=8
inet 85.249.249.249 netmask 0xffffff00 broadcast 85.249.249.255
ether 00:11:95:5b:84:47
media: Ethernet autoselect (100baseTX )
status: active

fxp0 (Internal Net)
flags=8843 mtu 1500
options=8
inet 10.0.0.2 netmask 0xffffff80 broadcast 10.0.0.127
ether 00:d0:b7:a0:95:cf
media: Ethernet autoselect (100baseTX )
status: active

I've run "telnet ya.ru 80" under Windows XP:

fxp0:
02:34:04.717756 IP (tos 0x0, ttl 127, id 54374, offset 0, flags [DF], proto: TCP (6), length: 48) 10.0.0.3.2723 > ya.ru.http: S, cksum 0x51a0 (correct), 835980332:835980332(0) win 16384
-
02:34:04.755485 IP (tos 0x0, ttl 54, id 5070, offset 0, flags [DF], proto: TCP (6), length: 48) ya.ru.http > 10.0.0.3.2723: S, cksum 0x326f (correct), 3512433525:3512433525(0) ack 835980333 win 4096
-
02:34:04.756316 IP (tos 0x0, ttl 127, id 54375, offset 0, flags [DF], proto: TCP (6), length: 40) 10.0.0.3.2723 > ya.ru.http: ., cksum 0x28be (correct), ack 1 win 17680

rl0:
02:34:04.720584 IP (tos 0x0, ttl 126, id 54374, offset 0, flags [DF], proto: TCP (6), length: 48) 85.249.249.249.2723 > ya.ru.http: S, cksum 0x5221 (correct), 835980332:835980332(0) win 16384
-
02:34:04.754547 IP (tos 0x0, ttl 55, id 5070, offset 0, flags [DF], proto: TCP (6), length: 48) ya.ru.http > 85.249.249.249.2723: S, cksum 0x32f0 (correct), 3512433525:3512433525(0) ack 835980333 win 4096
-
02:34:04.758703 IP (tos 0x0, ttl 126, id 54375, offset 0, flags [DF], proto: TCP (6), length: 40) 85.249.249.249.2723 > ya.ru.http: ., cksum 0x293f (correct), ack 1 win 17680

And now I've tried to "telnet ya.ru 80" under FreeBSD (I used IP 10.0.0.3 instead of WinXP)

fxp0:
02:09:52.627482 IP (tos 0x10, ttl 64, id 3657, offset 0, flags [none], proto: TCP (6), length: 64) 10.0.0.3.61654 > ya.ru.http: S, cksum 0x319a (correct), 2498390137:2498390137(0) win 65535
*******It repeats 3-5 times, then "telnet" returns "Connection Timed Out" error***********

rl0:
02:09:52.631529 IP (tos 0x10, ttl 63, id 3657, offset 0, flags [none], proto: TCP (6), length: 64) 85.249.249.249.61654 > ya.ru.http: S, cksum 0x321b (correct), 2498390137:2498390137(0) win 65535
-
02:09:52.665396 IP (tos 0x0, ttl 55, id 27777, offset 0, flags [DF], proto: TCP (6), length: 64) ya.ru.http > 85.249.249.249.61654: S, cksum 0x077a (correct), 45449397:45449397(0) ack 2498390138 win 4096
-
02:09:52.665423 IP (tos 0x0, ttl 64, id 56014, offset 0, flags [DF], proto: TCP (6), length: 40) 85.249.249.249.61654 > ya.ru.http: R, cksum 0x6450 (correct), 2498390138:2498390138(0) win 0

I gave up =(
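
Added example, not part of the original message: a way to compare tcpdump captures from the gateway's two interfaces, as suggested in the thread. It matches packets by IP id, which the captures above show unchanged across the gateway, and lists packets seen on one interface only. The function and variable names are assumptions, and the sample records are abridged from the FreeBSD-client capture above.

```python
import re

# One "tcpdump -v" record per line, in the format shown in the post.
PKT = re.compile(r"ttl (\d+), id (\d+),.*?\) (\S+) > (\S+): ([SFRP.]+),(.*)")

# Abridged from the post's FreeBSD-client attempt (timestamp, checksum, sequence dropped).
BSD_FXP0 = """\
IP (tos 0x10, ttl 64, id 3657, offset 0, flags [none], proto: TCP (6), length: 64) 10.0.0.3.61654 > ya.ru.http: S, win 65535
"""
BSD_RL0 = """\
IP (tos 0x10, ttl 63, id 3657, offset 0, flags [none], proto: TCP (6), length: 64) 85.249.249.249.61654 > ya.ru.http: S, win 65535
IP (tos 0x0, ttl 55, id 27777, offset 0, flags [DF], proto: TCP (6), length: 64) ya.ru.http > 85.249.249.249.61654: S, ack 2498390138 win 4096
IP (tos 0x0, ttl 64, id 56014, offset 0, flags [DF], proto: TCP (6), length: 40) 85.249.249.249.61654 > ya.ru.http: R, win 0
"""

def parse(capture):
    """Map IP id -> (kind, ttl, src, dst) for every TCP record in a capture."""
    packets = {}
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # not a packet record (interface label, separator, comment)
        ttl, ip_id, src, dst, flags, tail = m.groups()
        if "R" in flags:
            kind = "RST"
        elif "S" in flags:
            # Old tcpdump prints a SYN-ACK as flag "S" plus an "ack N" field.
            kind = "SYN-ACK" if " ack " in tail else "SYN"
        else:
            kind = "ACK"
        packets[int(ip_id)] = (kind, int(ttl), src, dst)
    return packets

def one_sided(inside, outside):
    """Packets present on one interface only: the gateway dropped or originated them."""
    a, b = parse(inside), parse(outside)
    return [(iface, ip_id, *pkts[ip_id])
            for iface, pkts, other in (("inside", a, b), ("outside", b, a))
            for ip_id in pkts if ip_id not in other]

if __name__ == "__main__":
    for row in one_sided(BSD_FXP0, BSD_RL0):
        print(row)
```

On the records above this lists the SYN-ACK (id 27777) and the RST (id 56014) as present on rl0 only.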