Date: Thu, 26 Jul 2007 09:09:21 +0300 From: Artyom Viklenko <artem@aws-net.org.ua> To: Mihai Tanasescu <mihai@duras.ro> Cc: freebsd-net@freebsd.org Subject: Re: MPD and fragmentation Message-ID: <46A83A91.9090803@aws-net.org.ua> In-Reply-To: <46A7B14B.4000603@duras.ro> References: <46A7B14B.4000603@duras.ro>
next in thread | previous in thread | raw e-mail | index | archive | help
Mihai Tanasescu wrote: > Hello, > > > With help from another FreeBSD user on this list I was able to set up an > MPD pptp server to allow windows machines to connect to it. > > Unfortunately now I've stumbled upon some strange behaviors. > > First of all I'm getting icmp losses even if I use a test LAN to make a > tunnel to the local FBSD machine, but these don't seem to affect my > transfer rate when trying to get a large file via HTTP from the same > machine. > > What bothers me most is that some sites (like msn.com, microsoft.com, > etc) don't seem to be loading. > What I first thought about was the mss problem and so I discovered the > following: > > 22:54:36.633254 IP (tos 0x0, ttl 64, id 14254, offset 0, flags [DF], > proto: ICMP (1), length: 56) FBSD-IP > 207.68.183.32: ICMP FBSD-IP > unreachable - need to frag (mtu 1336), length 36 > > In my config file I have: > set iface mtu 1500 > set link mtu 1440 > set iface enable tcpmssfix > > My full config is posted here: > http://pastebin.com/m66a3c05f > My system: > FreeBSD 6.1-RELEASE-p17 > MPD 4.1 > > I played a bit with the above mentioned values with no luck unfortunately. > I'm still wondering (don't know if I'm right) if a too large packet > comes from 207.68.183.32 why doesn't it get fragmented upon being sent > via ng0 -> pptp1 and instead of this happening my machine sends an ICMP > unreachable back. > Also I have pf running on that machine with a NAT rule for traffic not > destined to the local network (but after several experiments with that > nothing changed in regard to the problem I have). > > I'm banging my head against the wall as I don't know what else to try > anymore. > > Can someone help me out ? If you use PF, try to add rule scrub in all fragment rassemble no-df And VERY carefully check your ruleset. May be you block icmp in some place and PMTU doesn't work. As as last resort you can add max-mss <some-size> to scrub rule. <some-size> may be some value in range of 1300-1460. Sometimes it helps. -- Sincerely yours, Artyom Viklenko. ------------------------------------------------------- artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem FreeBSD: The Power to Serve - http://www.freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46A83A91.9090803>