Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Dec 1998 08:36:56 +0100 (CET)
From:      Reinier Bezuidenhout <Reinier.Bezuidenhout@KryptoKom.DE>
To:        nate@mt.sri.com (Nate Williams)
Cc:        ru@ucb.crimea.ua, rivers@dignus.com, eischen@vigrid.com, nate@mt.sri.com, dillon@apollo.backplane.com, hackers@FreeBSD.ORG, luigi@labinfo.iet.unipi.it
Subject:   Re: TCP bug
Message-ID:  <199812030736.IAA06479@borg.kryptokom.de>
In-Reply-To: <199812021720.KAA06413@mt.sri.com> from Nate Williams at "Dec 2, 1998 10:20:54 am"
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi ...

I've missed some of the discussion, so if this is totally in the wrong
direction .. :)

We had a similar problem once when we had a 2.2.6 version of FreeBSD
running and a ppp line connection and from there a ethernet going
out to an ISP.  The symptoms were that some sites on the internet would be
reachable and others not. (We had ipfw running on the FreeBSD machine).

After adding a "deny log all from any to any" just before the default
rule, we saw that fragmented packets were alse being tested against
the firewall rules would thus fail because of weird port numbers.

We changed the MTU on the ppp line ( mmmm now I'm not sure if it was
ppp or slip :/ ) to 1500 and then everything worked fine.

I seem to remember a commit for ipfw that fixed this problem but
I'm not sure.

:) Maybe this helps

Bye

Reinier

> > >  On my internal network; I can't get to some sites (www.aol.com being
> > > the best example.)
> > > 
> > >  But, If I'm on the gateway machine - it has no problems getting there.
> > > 
> > >  Thus, I was implicating natd.
> > > 
> > >  And - it so happens; my connection is a SL/IP connection, and my MTU
> > > is 552.
> > 
> > Some sites block ICMP and thus break PMTU discovery.
> 
> Umm, if this is the case, why would we be having a problem with a
> network segment with a smaller MTU not being able to send packets to a
> network with a bigger MTU?  It would seem to me that the small MTU
> network connection would be the one having the problems, not the larger
> MTU network connection.
> 
> 
> Nate
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812030736.IAA06479>