Date: Fri, 12 Jan 2001 12:32:36 +0000
From: Antony T Curtis <antony@abacus.co.uk>
To: Antonio Carlos Pina <apina@infolink.com.br>
Cc: Jonathan Pennington <john@coastalgeology.org>, freebsd-stable@FreeBSD.ORG
Subject: Re: Cannot access certain sites through firewall
Message-ID: <3A5EF964.9EF5A8A4@abacus.co.uk>
References: <20010110232117.A10054@coastalgeology.org> <002801c07c18$be357e50$0b6cffc8@infolink.com.br>

What works well for me is having the MTU on the tunX interface much
smaller than the others - 576 works well.

Antonio Carlos Pina wrote:
>
> I think the problem is your mtu. In fact, I have seen a lot of sites which
> have problems with mtu-path-discovery because their admins have DISABLED all
> icmp traffic. Sad, but it's true.
>
> Try to put everything in 1500.
>
> Best Regards,
>
> Cordially,
> Antonio Carlos Pina
> Director of Technology
> INFOLINK Internet
> http://www.infolink.com.br
>
> ----- Original Message -----
> From: "Jonathan Pennington" <john@coastalgeology.org>
> To: <freebsd-security@freebsd.org>
> Sent: Thursday, January 11, 2001 2:21 AM
> Subject: Cannot access certain sites through firewall
>
> > Hello,
> > I am having a problem with accessing certain websites from my internal
> > network.
> >
> > System 4.2-STABLE, Dec-21. PPPoE through tun0 with an external Alcatel
> > modem connected to ed1 and an internal network with one windows
> > computer and my FreeBSD 4.2-STABLE laptop that can access most
> > websites, but not all. www.cityspree.com is the one in the logs, but
> > www.signals.com, www.pigglywiggly.com and others are on the list.
> >
> > I can access everything from the firewall computer, including the
> > sites that cannot be accessed from the internal network. The tun0
> > interface is mtu 1492, ed0 (internal) and ed1 (external) were 1500,
> > but the same thing happens with all at 1492. (I read in the archives
> > about natd mangling packets due to different sizes). From the logs, it
> > looks like things are travelling through, but Netscape just
> > waits. Specifically, netscape stops at "Connect: Host... contacted.
> > Waiting for reply." However, I can ping those addresses and not lose
> > packets. Even when I open the firewall up by flushing all
> > rules and allowing everything, these sites are not working. What am I
> > doing wrong? Is this a problem with my natd translation? I am using
> > natd unmodified (ie. I set no configs myself), but why would that stop
> > only some sites (I can access https).
> >
> > I'm not on this list, but will watch the geocrawler archives. I
> > appreciate any help. Log snippet of attempt to visit www.cityspree.com
> > and www.signals.com after successfully pinging signals.com and a copy
> > of my firewall rules follow.
> >
> <snip>

--
ANTONY T CURTIS                     Tel: +44 (1635) 36222
Abacus Polar Holdings Ltd           Fax: +44 (1635) 38670
> One good reason why computers can do more work than people is that they
> never have to stop and answer the phone.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
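
The symptoms reported in this thread (pings succeed, the firewall host can browse, LAN hosts stall on some sites) match a path-MTU-discovery black hole. The following is an added illustration, not part of the original messages: a simplified model in which the function names, the 40-byte IP+TCP header size and the 1500-byte server MTU are assumptions.

```python
# Simplified model of path MTU discovery (PMTUD) with and without ICMP.
# Assumptions: IPv4 + TCP headers without options (40 bytes), DF bit set,
# and only the largest segment of the response is tracked.
IP_TCP_HEADERS = 40


def advertised_mss(local_mtu):
    """MSS a host announces in its SYN, derived from its own interface MTU."""
    return local_mtu - IP_TCP_HEADERS


def deliver(response_bytes, client_mtu, path_mtus, icmp_reaches_server,
            server_mtu=1500, max_tries=5):
    """Return (delivered, packet_sizes_tried) for a server-to-client response."""
    mss = min(advertised_mss(client_mtu), advertised_mss(server_mtu))
    path_min = min(path_mtus)
    tried = []
    for _ in range(max_tries):
        size = min(response_bytes, mss) + IP_TCP_HEADERS
        tried.append(size)
        if size <= path_min:
            return True, tried
        # A router drops the DF packet and sends ICMP "fragmentation needed".
        if icmp_reaches_server:
            mss = path_min - IP_TCP_HEADERS  # server shrinks its segments
        # Otherwise the server never learns and retransmits the same size.
    return False, tried


# Constructed path: server LAN (1500), PPPoE link (1492), client LAN (1500).
PATH = [1500, 1492, 1500]

if __name__ == "__main__":
    cases = {
        "LAN host, ICMP filtered at the site": (8000, 1500, PATH, False),
        "LAN host, ICMP delivered": (8000, 1500, PATH, True),
        "firewall host (tun0 mtu 1492)": (8000, 1492, PATH, False),
        "small packet, ICMP filtered": (56, 1500, PATH, False),
    }
    for name, args in cases.items():
        print(name, deliver(*args))
```

The model shows why only hosts that advertise an MSS based on a 1500-byte MTU stall, and only against sites that drop ICMP: the oversized segment is retransmitted unchanged because the "fragmentation needed" message never arrives.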