Date: Wed, 02 Dec 1998 16:54:07 +0000
From: Karl Pielorz <kpielorz@tdx.co.uk>
To: Thomas David Rivers <rivers@dignus.com>
Cc: eischen@vigrid.com, nate@mt.sri.com, dillon@apollo.backplane.com, hackers@FreeBSD.ORG, luigi@labinfo.iet.unipi.it
Subject: Re: TCP bug
Message-ID: <366570AF.58AAC806@tdx.co.uk>
References: <199812021647.LAA09094@lakes.dignus.com>

Thomas David Rivers wrote:
> Just to add to this; I've got exactly the same symptoms; which I previously
> reported.
>
> On my internal network; I can't get to some sites (www.aol.com being
> the best example.)
>
> But, If I'm on the gateway machine - it has no problems getting there.
>
> Thus, I was implicating natd.
>
> And - it so happens; my connection is a SL/IP connection, and my MTU
> is 552.
>
> I'm betting there's something going on with natd and packet fragmentation.
>
> Several people unsuccessfully tried to duplicate my problem; but I'm
> wondering now if they were using PPP or something else that had a higher
> MTU, and, thus, didn't fragment any packets.

We originally encountered this problem ages ago using PPP (it also showed up under SLIP)...

What we found happening was requests to the webservers went out fine (i.e. from host to internet). Because of the small MTU being used, data would come back in, hit the FreeBSD box (which would see that its DF - don't fragment - bit was set) - at this point it sent back an ICMP message to the remote host: "packet too big".

It turns out that through a combination of firewalls (ours on our host, and the remote Internet sites [including Microsoft et al.]) these ICMP messages were getting blocked...

If we turned off _all_ our firewalls (bearing in mind the ICMP was being generated by the Terminal Server BSD box, not the client on the other end of the PPP/SLIP link) it would work with even more sites (but not all)...

The exact ICMP being clobbered was ICMP "packet-too-big" (i.e. fragmentation needed and DF bit set). The 'mystery' was caused by the Terminal Server trying to send it, not the modem user (who wasn't firewalled at all from our side)...

Hope this helps!

Regards,

Karl

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
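
Added example, not part of the original message: a Python parser that recognises the ICMP "fragmentation needed and DF set" message described above, so captured packets on either side of a firewall can be checked for whether these messages get through. The addresses and function names are constructed for illustration; 552 is the MTU mentioned in the quoted text.

```python
import socket
import struct

ICMP_PROTO, DEST_UNREACH, FRAG_NEEDED = 1, 3, 4   # type 3 code 4 = "frag needed, DF set"


def ipv4_header(buf):
    """Return (header_len, flags_frag, protocol, src, dst) of an IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad header length")
    (flags_frag,) = struct.unpack("!H", buf[6:8])
    return ihl, flags_frag, buf[9], socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20])


def parse_frag_needed(packet):
    """Return details of an ICMP frag-needed message, or None for any other packet."""
    ihl, _, proto, reporter, _ = ipv4_header(packet)
    icmp = packet[ihl:]
    if proto != ICMP_PROTO or len(icmp) < 8:
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (DEST_UNREACH, FRAG_NEEDED):
        return None
    # The ICMP payload quotes the IP header of the packet that did not fit.
    _, flags_frag, _, sender, receiver = ipv4_header(icmp[8:])
    return {
        "reported_by": reporter,            # box that could not forward the packet
        "next_hop_mtu": mtu,                # 0 if the reporter predates RFC 1191
        "df_set": bool(flags_frag & 0x4000),
        "oversized_from": sender,           # host that must shrink its segments
        "oversized_to": receiver,
    }


def build_ipv4(src, dst, proto, payload, flags_frag=0):
    """Build a constructed sample packet (checksum left at zero, not for the wire)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, flags_frag, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload


def sample_packet():
    """Constructed: gateway 203.0.113.1 (MTU 552) rejects a DF packet from a web server."""
    quoted = build_ipv4("198.51.100.80", "192.0.2.10", 6, b"\x00" * 8, flags_frag=0x4000)
    icmp = struct.pack("!BBHHH", DEST_UNREACH, FRAG_NEEDED, 0, 0, 552) + quoted
    return build_ipv4("203.0.113.1", "198.51.100.80", ICMP_PROTO, icmp)
```

If a capture on the gateway shows these messages leaving but a capture past the firewall does not, the filter is dropping them and the remote sender never learns to send smaller packets.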