> Greetings! We've found a website which is accessible from our IP
> masquerading firewall, but not from behind that firewall. tcpdump
> shows a hang involving some acks with the "don't fragment" flag set.
> The mtu for the ppp line is autonegotiated to 1490. We're going to
> try 1500 shortly. But I thought this was fixed.
Okay, I've not looked at the tcpdump output 'cos I'm not a TCP/IP bod, but
this sounds like the website may be behind a broken firewall which is blocking
ICMP_FRAG_NEEDED; can you ping / traceroute them? If not, I'll bet you good
money they employed some loser who configured their router to drop all ICMP.
If this is the case you might be able to get around it by disabling path
MTU discovery, but the correct solution is to contact the administrator of
the site and LART them with something very, very heavy and extremely pointed.
--
"Pascal is Pascal is Pascal is dog meat."
-- M. Devine and P. Larson, Computer Science 340
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/