> >You are right, I connected without diald, and it is still broken.
> >
> >I guess I'll dust off my TCPDUMP and my ip_fragment.c (is that the right
> >place?) since it looks like I'm the only one who wants it fixed...
>
> At first guess I'd suspect MTU Path discovery doesn't work. This is a
> mechanism used by many systems to optimize the size of transmitted TCP
> packets to avoid fragmentation. (The website sends big packets with "do not
> fragment" flag and reduces packet size if it receives ICMP unreachable:
> "need fragment" errors back).
>
> In my experience this is most often caused by misconfiguration at the
> "other end" of your connection. meaning: nothing much you can do about it;
> some sysadmin has set up a firewall between you and the webserver which
> doesn't allow the ICMP unreachable messages to reach the webserver.
>
> Only thing you can do is a) set your MRU to 1500 so the problem doesn't
> occur or b) contact affected websites on a case by case basis and get them
> to fix their setup by EITHER alloing ICMP unreachable packets to reach
> their webserver OR turning off MTU Path discovery on the websever (for
> linux it's a compile-time option of the kernel).
I remember having a problem like this quite a while ago when
running a ipmasquerading gateway connected with ppp to my ISP.
When we looked into the problem we discovered that we only had
problems connecting to windows NT servers.
It might be an idea for you people running ipmasq to check if
this is still true, if nothing else you know what host not to
try to connect to :).
-Simon Ekstrand
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/