From owner-freebsd-stable Fri Jan 12 4:33:13 2001
Message-ID: <3A5EF964.9EF5A8A4@abacus.co.uk>
Date: Fri, 12 Jan 2001 12:32:36 +0000
From: Antony T Curtis
Organization: Abacus Polar PLC (UK)
To: Antonio Carlos Pina
Cc: Jonathan Pennington, freebsd-stable@FreeBSD.ORG
Subject: Re: Cannot access certain sites through firewall
References: <20010110232117.A10054@coastalgeology.org> <002801c07c18$be357e50$0b6cffc8@infolink.com.br>

What works well for me is having the MTU on the tunX interface much
smaller than the others - 576 works well.

Antonio Carlos Pina wrote:
>
> I think the problem is your mtu. In fact, I have seen a lot of sites which
> have problems with mtu-path-discovery because their admins have DISABLED all
> icmp traffic. Sad, but it's true.
>
> Try to put everything in 1500.
>
> Best Regards,
>
> Cordially,
> Antonio Carlos Pina
> Director of Technology
> INFOLINK Internet
> http://www.infolink.com.br
>
> ----- Original Message -----
> From: "Jonathan Pennington"
> To:
> Sent: Thursday, January 11, 2001 2:21 AM
> Subject: Cannot access certain sites through firewall
>
> > Hello,
> > I am having a problem with accessing certain websites from my internal
> > network.
> >
> > System 4.2-STABLE, Dec-21. PPPoE through tun0 with an external Alcatel
> > modem connected to ed1 and an internal network with one Windows
> > computer and my FreeBSD 4.2-STABLE laptop that can access most
> > websites, but not all. www.cityspree.com is the one in the logs, but
> > www.signals.com, www.pigglywiggly.com and others are on the list.
> >
> > I can access everything from the firewall computer, including the
> > sites that cannot be accessed from the internal network. The tun0
> > interface is mtu 1492, ed0 (internal) and ed1 (external) were 1500,
> > but the same thing happens with all at 1492. (I read in the archives
> > about natd mangling packets due to different sizes). From the logs, it
> > looks like things are travelling through, but Netscape just
> > waits. Specifically, Netscape stops at "Connect: Host... contacted.
> > Waiting for reply." However, I can ping those addresses and not lose
> > packets. Even when I open the firewall up by flushing all
> > rules and allowing everything, these sites are not working. What am I
> > doing wrong? Is this a problem with my natd translation? I am using
> > natd unmodified (i.e. I set no configs myself), but why would that stop
> > only some sites (I can access https).
> >
> > I'm not on this list, but will watch the geocrawler archives. I
> > appreciate any help. Log snippet of attempt to visit www.cityspree.com
> > and www.signals.com after successfully pinging signals.com and a copy
> > of my firewall rules follow.
> >

--
ANTONY T CURTIS                     Tel: +44 (1635) 36222
Abacus Polar Holdings Ltd           Fax: +44 (1635) 38670
> One good reason why computers can do more work than people is that they
> never have to stop and answer the phone.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
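
The path-MTU-discovery failure suggested in the quoted reply can be modelled in a few lines. This is an added example, not part of the original thread: the link MTUs 1500 and 1492 come from the post, while the function names, the three-hop path and the 40-byte header size (IPv4 plus TCP without options) are assumptions of the model.

```python
# Added illustration: toy model of path MTU discovery with and without ICMP.
IP_TCP_HEADERS = 40  # assumed: 20-byte IPv4 header + 20-byte TCP header

def advertised_mss(iface_mtu):
    """MSS a host announces in its SYN, derived from its own interface MTU."""
    return iface_mtu - IP_TCP_HEADERS

def deliver(payload, path_mtus, icmp_reaches_sender, max_tries=5):
    """Send one DF-flagged TCP segment across the links in path_mtus.

    A router in front of a too-small link drops the packet and emits
    ICMP type 3 code 4 ("fragmentation needed") carrying that link's MTU.
    If a filter discards that ICMP, the sender retransmits the same size.
    Returns (delivered, final_payload_size, tries_used).
    """
    for attempt in range(1, max_tries + 1):
        packet = payload + IP_TCP_HEADERS
        too_small = next((m for m in path_mtus if packet > m), None)
        if too_small is None:
            return True, payload, attempt
        if icmp_reaches_sender:
            payload = too_small - IP_TCP_HEADERS  # sender shrinks its segments
    return False, payload, max_tries

# Constructed path, web server -> client: server LAN, PPPoE tun0, internal LAN.
PATH = [1500, 1492, 1500]

def scenarios():
    lan_mss = advertised_mss(1500)  # internal host on a 1500-byte Ethernet
    fw_mss = advertised_mss(1492)   # firewall itself, connecting from tun0
    return {
        # Full-size reply to an internal host, ICMP allowed: recovers on retry.
        "internal_icmp_ok": deliver(lan_mss, PATH, True),
        # Same reply, remote site drops all ICMP: stalls after the handshake.
        "internal_icmp_filtered": deliver(lan_mss, PATH, False),
        # Firewall host announced a smaller MSS, so nothing is oversized.
        "firewall_icmp_filtered": deliver(fw_mss, PATH, False),
        # Small packets (handshake, ping-sized) fit every link regardless.
        "small_packet": deliver(64, PATH, False),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24} delivered={result[0]} payload={result[1]} tries={result[2]}")
```

In this model only the full-size segment sent toward the internal host is lost when ICMP is filtered; small packets and connections made from the firewall itself get through.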