I had thought the issue must lie in the IP masq code, as the web page
does load from the masquerading host itself, but had overlooked the
fact that the icmp path mtu discovery bit only needs take place if
your immediate link has an mtu higher than some link further down the
path, as is the case *behind* our masquerading firewall, but not on
it, of course.
Thanks for the help, and sorry for the false alarm about the Linux
masq code. Its truly a marvel! Good work, everyone!
Steve Dodd <dirk@loth.demon.co.uk> writes:
> On Wed, Jul 14, 1999 at 12:43:33PM -0400, Camm Maguire wrote:
>
> > Greetings! We've found a website which is accessible from our IP
> > masquerading firewall, but not from behind that firewall. tcpdump
> > shows a hang involving some acks with the "don't fragment" flag set.
> > The mtu for the ppp line is autonegotiated to 1490. We're going to
> > try 1500 shortly. But I thought this was fixed.
>
> Okay, I've not looked at the tcpdump output 'cos I'm not a TCP/IP bod, but
> this sounds like the website may be behind a broken firewall which is blocking
> ICMP_FRAG_NEEDED; can you ping / traceroute them? If not, I'll bet you good
> money they employed some loser who configured their router to drop all ICMP.
>
> If this is the case you might be able to get around it by disabling path
> MTU discovery, but the correct solution is to contact the administrator of
> the site and LART them with something very, very heavy and extremely pointed.
>
> --
> "Pascal is Pascal is Pascal is dog meat."
> -- M. Devine and P. Larson, Computer Science 340
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
-- Camm Maguire camm@enhanced.com ========================================================================== "The earth is but one country, and mankind its citizens." -- Baha'u'llah- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/