Date: Fri, 19 Feb 99 18:43:56 -0800 From: Rahul Dhesi <dhesi@rahul.net> To: freebsd-stable@freebsd.org Subject: Re: Problems with ipfw/nat Message-ID: <199902200243.AA25438@waltz.rahul.net> In-Reply-To: Message from Benjamin Gavin <gavinb@supranet.net> of Fri, 19 Feb 99 15:06:43 -0600
next in thread | previous in thread | raw e-mail | index | archive | help
Please check for the following scenario: - Web server sends a big packet for Path-MTU discovery, with "don't fragment" bit set. - Intermediate router sends back an ICMP message saying 'fragmentation needed but don't fragment bit set" - Firewall blocks ICMP. - Web server is still waiting for the ICMP message, which will never reach. Rahul > Date: Fri, 19 Feb 99 15:06:43 CST > From: Benjamin Gavin <gavinb@supranet.net> > To: Chris Johnson <cjohnson@palomine.net> > Cc: freebsd-stable@freebsd.org > Message-Id: <4.1.19990219145943.00b8a6f0@mail.supranet.net> > Subject: Re: Problems with ipfw/nat > Hey, > Well I got a step further. I have traced the problem a little bit > further. The firewall is not blocking any of the packets, and I am able to > connect to another Apache server on the internal network using natd. > However, when I try to connect to an IIS server, I get no such luck. The > connection just hangs.... ... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902200243.AA25438>