From: Rowan Crowe
To: freebsd-isp@freebsd.org
Date: Sun, 8 Jul 2001 00:53:26 +1000 (EST)
Subject: Re: Can anyone explain this?

On Sun, 8 Jul 2001, Rob Secombe wrote:

> rl0: flags=8843 mtu 1500
...
> rl1: flags=8843 mtu 1500
...
> tun0: flags=8051 mtu 1492
>         inet xxx.xxx.xxx.xxx --> yyy.yyy.yyy.yyy netmask 0xffffff00

I'd say it's an MTU/MSS problem. Your internal machines are probably
advertising that they can receive a 1500 byte packet, but your ADSL
gateway can only pass a 1492 byte packet without fragmenting.

If a full size 1500 byte packet with the "Don't Fragment" bit arrives, the
gateway should be sending back ICMP "need to fragment: MTU 1492" messages,
but perhaps NAT does something strange here, or perhaps some silly person
has blocked that particular ICMP message somewhere in the path. (I ran
into this very problem with an anal firewall at www.theage.com.au when
playing with DSL).

Do a tcpdump on tun0 when you're trying to collect mail, see what ICMP
messages (if any) are floating around...

You can also try configuring the workstations to use a lower MSS; I'm not
sure how involved that is for your particular setup. Unfortunately, it may
be the only simple solution... :-(

My solution was to set up an IP tunnel with the ISP at the other end, the
tunnel itself can pass a 1500 byte packet with DF set even though it ends
up as 2 encapsulated packets between the two ends of the tunnel.

If your upstream isn't Telstra then it may be worth asking for assistance,
see if you can find someone with clue who can tinker a little. If it's
Telstra then I wouldn't bother. :-\

Cheers.

-- 
Rowan Crowe                         http://www.rowan.sensation.net.au/
Sensation Internet Services         http://info.sensation.net.au/
Melbourne, Australia                Phone: +61-3-9329-5498
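
An added example, not part of the original message: Python that extracts the two values the reply suggests looking for in a capture on tun0, the MSS a workstation advertises in its TCP SYN and the next-hop MTU carried in an ICMP "fragmentation needed" message (type 3, code 4, RFC 1191), and reports by how many bytes the advertised MSS exceeds what a 1492-byte path can carry. The packets are constructed samples and all function names are illustrative assumptions.

```python
import struct

IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def _ip_payload(pkt):
    """Return (protocol, payload) of an IPv4 packet, honouring the IHL field."""
    return pkt[9], pkt[(pkt[0] & 0x0F) * 4:]

def syn_mss(pkt):
    """MSS option advertised in a TCP SYN, or None if not a SYN / no MSS option."""
    proto, tcp = _ip_payload(pkt)
    if proto != 6 or len(tcp) < 20 or not tcp[13] & 0x02:
        return None
    opts = tcp[20:(tcp[12] >> 4) * 4]   # options sit between byte 20 and data offset
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 1:                   # NOP is a single byte with no length
            i += 1
            continue
        if kind == 0 or i + 1 >= len(opts) or opts[i + 1] < 2:
            break                       # end of list, or truncated/malformed option
        if kind == 2 and opts[i + 1] == 4 and i + 4 <= len(opts):
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return None

def frag_needed_mtu(pkt):
    """Next-hop MTU from an ICMP type 3 code 4 message, else None."""
    proto, icmp = _ip_payload(pkt)
    if proto != 1 or len(icmp) < 8 or icmp[0] != 3 or icmp[1] != 4:
        return None
    return struct.unpack("!H", icmp[6:8])[0]

def mss_excess(syn_pkt, path_mtu):
    """Bytes by which the SYN's advertised MSS exceeds what path_mtu can carry."""
    mss = syn_mss(syn_pkt)
    return None if mss is None else max(0, mss - (path_mtu - IP_TCP_OVERHEAD))

def ipv4(proto, payload):
    """Constructed-sample helper: minimal IPv4 header, DF set, checksum left zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                       proto, 0, bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])) + payload

# Constructed samples: SYN advertising MSS 1460; ICMP "need to fragment", MTU 1492
SYN = ipv4(6, struct.pack("!HHIIBBHHH", 1025, 110, 1, 0, 0x60, 0x02, 65535, 0, 0) + b"\x02\x04\x05\xb4")
ICMP = ipv4(1, struct.pack("!BBHHH", 3, 4, 0, 0, 1492))  # quoted original datagram omitted
if __name__ == "__main__":
    print(syn_mss(SYN), frag_needed_mtu(ICMP), mss_excess(SYN, frag_needed_mtu(ICMP)))
```

If the capture shows SYNs with an MSS above the path allowance and no matching ICMP messages arriving, the "need to fragment" replies are being dropped somewhere along the path.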