From owner-freebsd-stable Fri Feb 19 18:44:11 1999 Delivered-To: freebsd-stable@freebsd.org Received: from bolero-x.rahul.net (bolero.rahul.net [192.160.13.1]) by hub.freebsd.org (Postfix) with SMTP id 2F61C11289 for ; Fri, 19 Feb 1999 18:44:04 -0800 (PST) (envelope-from dhesi@rahul.net) Received: from waltz.rahul.net by bolero-x.rahul.net with SMTP id AA08235 (5.67b8/IDA-1.5 for ); Fri, 19 Feb 1999 18:44:03 -0800 Received: by waltz.rahul.net (5.67b8/jive-a2i-1.0) id AA25438; Fri, 19 Feb 1999 18:43:56 -0800 Message-Id: <199902200243.AA25438@waltz.rahul.net> To: freebsd-stable@freebsd.org Subject: Re: Problems with ipfw/nat In-Reply-To: Message from Benjamin Gavin of Fri, 19 Feb 99 15:06:43 -0600 Date: Fri, 19 Feb 99 18:43:56 -0800 From: Rahul Dhesi Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Please check for the following scenario: - Web server sends a big packet for Path-MTU discovery, with "don't fragment" bit set. - Intermediate router sends back an ICMP message saying 'fragmentation needed but don't fragment bit set" - Firewall blocks ICMP. - Web server is still waiting for the ICMP message, which will never reach. Rahul > Date: Fri, 19 Feb 99 15:06:43 CST > From: Benjamin Gavin > To: Chris Johnson > Cc: freebsd-stable@freebsd.org > Message-Id: <4.1.19990219145943.00b8a6f0@mail.supranet.net> > Subject: Re: Problems with ipfw/nat > Hey, > Well I got a step further. I have traced the problem a little bit > further. The firewall is not blocking any of the packets, and I am able to > connect to another Apache server on the internal network using natd. > However, when I try to connect to an IIS server, I get no such luck. The > connection just hangs.... ... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message