From: J65nko
To: freebsd-questions@freebsd.org
Date: Sun, 26 Aug 2007 03:22:47 +0200
Subject: Re: TCP packets don't flow from external hosts to WinVista clients behind
Message-ID: <19861fba0708251822v6a80725fq20b9b2d37c0c5b2d@mail.gmail.com>

On 8/26/07, mich.admin@mail.ru wrote:
> Hello...
> I've got a strange trouble...
> FreeBSD 6.2 amd64 as nat-router:
> rl0 85.249.249.249 -> ISP
> fxp0 10.0.0.1 -> My Internal Net
> natd/ng_nat
> ipfw: allow all from any to any
>
> WinXP client machines work fine behind nat, but WinVista, FreeBSD (5.5/6.2) clients don't.
> It's very strange but it's unable to establish any TCP internet connection from non WinXP host. ICMP and UDP packets flow normally.
> For example, I can ping host ya.ru, get DNS-reply from internet servers, play games via UDP, but I can't view web pages, open ssh session and just can't "telnet" to any port!!!!
> Traffic from/to my net is not filtered by firewalls at all. I've tested it with natd and ng_nat - there's no difference! I've tried to solve this problem during last week =( Unfortunately, I can't. Now I'm going to try using pf or ipfilter instead of ipfw or even reinstall server OS and maybe change freebsd architecture to i386.
>
> Any ideas ?

Could be TCP window scaling. See http://en.wikipedia.org/wiki/TCP_window_scale_option

Or the plain old PMTUD problem described in http://www.cisco.com/en/US/tech/tk870/tk877/tk880/technologies_tech_note09186a008011a218.shtml#backinfo

=Adriaan=