Date: Wed, 12 Apr 2006 15:35:18 +0300
From: Nikos Vassiliadis <nvass@teledomenet.gr>
To: freebsd-questions@freebsd.org
Cc: Arnold Lee <arnoldlee_cn@yahoo.com.cn>
Subject: Re: problem with ipfilter(ipnat)
Message-ID: <200604121535.19042.nvass@teledomenet.gr>
In-Reply-To: <20060412083426.89543.qmail@web15810.mail.cnb.yahoo.com>
References: <20060412083426.89543.qmail@web15810.mail.cnb.yahoo.com>

On Wednesday 12 April 2006 11:34, Arnold Lee wrote:
> I am in a small lan and want to use fb 6.0 as a router to share internet
> access. I use mpd 3.18 to dial adsl on demand. I configured ipnat with :
> map rl0 10.0.0.0/8 -> 0.0.0.0/32 portmap tcp/udp auto
> map rl0 10.0.0.0/8 -> 0.0.0.0/32
> And then I use my client computer (windows 2000 Pro) to access internet, it
> seems ok, but soon I realize that there are some websites I can not access!
> For example, www.chinaunix.net is inaccessible! So are some ftp sites such
> as ftp.freebsd.org. It must be a problem of the FB6 box, because if i
> access internet directly from the win2000 box, all those sites above are ok
> ! what is wrong? By the way, I do not use ipfirewall and other firewall, and
> in rc.conf, I wrote "ipfilter_enable = NO, ipnat_enable= YES". Can you help
> me?

I can try. It might be a PMTU problem. A quick way of testing PMTU-related
problems is setting a small (below 1400) MTU on your nic. If you have
another Unix-like OS on your lan (besides your router) you can try a
smaller MTU like this "ifconfig nic mtu 1000" and see what's going on.
If you don't have another Unix-like OS, go to step 2 (Windows can also
change MTU size but the procedure is not that simple, google for it if
you want it).

2) I recall that I have seen something related in ipf. It's here:
http://www.netbsd.org/Documentation/network/pppoe/#clamping
A quick search in man 5 ipf.conf for "clamp" returned no results, but
that's the case for the NetBSD man as well. I guess it is not documented
in the manual. Try it.

There is also ng_tcpmss(4), which does the job and is what I have used
in the past with success. There are other solutions too (an mpd option,
is it working? a daemon (tcpmssd)) but I am not familiar with...

HTH
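
What the MSS clamping suggested in the reply above does to a TCP SYN passing through the router, as an added example that is not part of the original thread and not the code of ipf or ng_tcpmss: it lowers the MSS option and recomputes the TCP checksum. The addresses, ports, function names and the 1452-byte limit (assuming a PPPoE link with a 1492-byte MTU, minus 40 bytes of IPv4 and TCP headers) are assumptions.

```python
import socket
import struct

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Internet checksum over the IPv4 pseudo-header plus the TCP segment."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(segment)))
    data = pseudo + segment + (b"\x00" if len(segment) % 2 else b"")
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_mss(src_ip: str, dst_ip: str, segment: bytes, max_mss: int) -> bytes:
    """Return the segment with its MSS option lowered to max_mss (SYN only)."""
    if len(segment) < 20 or not segment[13] & 0x02:
        return segment                       # too short, or not a SYN
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return segment                       # malformed data offset
    seg = bytearray(segment)
    i = 20                                   # options start after fixed header
    while i < header_len:
        kind = seg[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP is a single byte
            i += 1
            continue
        if i + 1 >= header_len or seg[i + 1] < 2 or i + seg[i + 1] > header_len:
            return segment                   # malformed option, leave untouched
        if kind == 2 and seg[i + 1] == 4:    # MSS option
            (mss,) = struct.unpack_from("!H", seg, i + 2)
            if mss > max_mss:
                struct.pack_into("!H", seg, i + 2, max_mss)
                struct.pack_into("!H", seg, 16, 0)   # zero checksum field first
                struct.pack_into("!H", seg, 16, tcp_checksum(src_ip, dst_ip, bytes(seg)))
            break
        i += seg[i + 1]
    return bytes(seg)

def build_syn(src_ip: str, dst_ip: str, mss: int) -> bytes:
    """Constructed sample: a 24-byte SYN carrying only an MSS option."""
    hdr = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    seg = bytearray(hdr + struct.pack("!BBH", 2, 4, mss))
    struct.pack_into("!H", seg, 16, tcp_checksum(src_ip, dst_ip, bytes(seg)))
    return bytes(seg)
```

Because only SYN segments carry the MSS option, data segments pass through unchanged, and both endpoints then send segments small enough to cross the lower-MTU link without relying on ICMP "fragmentation needed" messages getting back to them.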