From owner-freebsd-hackers Wed Dec 2 23:37:45 1998
From: Reinier Bezuidenhout
Message-Id: <199812030736.IAA06479@borg.kryptokom.de>
Subject: Re: TCP bug
In-Reply-To: <199812021720.KAA06413@mt.sri.com> from Nate Williams at "Dec 2, 1998 10:20:54 am"
To: nate@mt.sri.com (Nate Williams)
Date: Thu, 3 Dec 1998 08:36:56 +0100 (CET)
Cc: ru@ucb.crimea.ua, rivers@dignus.com, eischen@vigrid.com, nate@mt.sri.com, dillon@apollo.backplane.com, hackers@FreeBSD.ORG, luigi@labinfo.iet.unipi.it
Sender: owner-freebsd-hackers@FreeBSD.ORG

Hi ...

I've missed some of the discussion, so if this is totally in the wrong
direction .. :)

We had a similar problem once when we had a 2.2.6 version of FreeBSD
running and a ppp line connection and from there an ethernet going out to
an ISP. The symptoms were that some sites on the internet would be
reachable and others not. (We had ipfw running on the FreeBSD machine).
After adding a "deny log all from any to any" just before the default
rule, we saw that fragmented packets were also being tested against the
firewall rules and would thus fail because of weird port numbers. We
changed the MTU on the ppp line ( mmmm now I'm not sure if it was ppp or
slip :/ ) to 1500 and then everything worked fine.

I seem to remember a commit for ipfw that fixed this problem but I'm not
sure. :)

Maybe this helps

Bye
Reinier

> > > On my internal network; I can't get to some sites (www.aol.com being
> > > the best example.)
> > >
> > > But, If I'm on the gateway machine - it has no problems getting there.
> > >
> > > Thus, I was implicating natd.
> > >
> > > And - it so happens; my connection is a SL/IP connection, and my MTU
> > > is 552.
> >
> > Some sites block ICMP and thus break PMTU discovery.
>
> Umm, if this is the case, why would we be having a problem with a
> network segment with a smaller MTU not being able to send packets to a
> network with a bigger MTU? It would seem to me that the small MTU
> network connection would be the one having the problems, not the larger
> MTU network connection.
>
>
> Nate
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
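
The failure mode described in the message above, fragments being matched against port-based firewall rules and showing weird port numbers, as an added example that is not part of the original mail and is not FreeBSD's ipfw code. Only the fragment at offset 0 carries the TCP/UDP header, so a filter that reads ports from a later fragment is reading payload bytes; the function names (`naive_ports`, `classify`, `build_fragment`) and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum verdict { PORTS_VALID, NON_FIRST_FRAGMENT, MALFORMED };
struct l4ports { uint16_t src, dst; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Naive rule matching: treat the 4 bytes after the IP header as ports. */
struct l4ports naive_ports(const uint8_t *pkt) {
    const uint8_t *l4 = pkt + (size_t)(pkt[0] & 0x0f) * 4;
    return (struct l4ports){ be16(l4), be16(l4 + 2) };
}

/* Fragment-aware matching: ports exist only in the fragment at offset 0. */
enum verdict classify(const uint8_t *pkt, size_t len, struct l4ports *out) {
    if (len < 20 || (pkt[0] >> 4) != 4) return MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4) return MALFORMED;
    if ((be16(pkt + 6) & 0x1fff) != 0) return NON_FIRST_FRAGMENT;
    *out = naive_ports(pkt);
    return PORTS_VALID;
}

/* Constructed sample: minimal IPv4 header (checksum left 0) plus payload. */
size_t build_fragment(uint8_t *buf, uint16_t off_units, int more,
                      const uint8_t *data, size_t n) {
    memset(buf, 0, 20);
    buf[0] = 0x45;                       /* IPv4, IHL = 5 words */
    buf[2] = (uint8_t)((20 + n) >> 8); buf[3] = (uint8_t)(20 + n);
    buf[6] = (uint8_t)((more ? 0x20 : 0) | ((off_units >> 8) & 0x1f));
    buf[7] = (uint8_t)off_units;         /* offset in 8-byte units */
    buf[9] = 6;                          /* protocol: TCP */
    memcpy(buf + 20, data, n);
    return 20 + n;
}

int main(void) {
    /* Constructed: TCP header start (ports 1025 -> 80), then a payload-only tail. */
    const uint8_t head[8] = { 0x04, 0x01, 0x00, 0x50, 0, 0, 0, 1 };
    const uint8_t tail[8] = { 'H', 'T', 'T', 'P', '/', '1', '.', '0' };
    uint8_t pkt[64]; struct l4ports p = { 0, 0 };
    size_t n = build_fragment(pkt, 0, 1, head, sizeof head);
    printf("first: verdict=%d\n", classify(pkt, n, &p));
    n = build_fragment(pkt, 66, 0, tail, sizeof tail);  /* 66*8 = 528 bytes in */
    struct l4ports g = naive_ports(pkt);
    printf("later: naive %d -> %d, verdict=%d\n", g.src, g.dst, classify(pkt, n, &p));
    return 0;
}
```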