From: John Brann
To: questions@freebsd.org
Date: Wed, 30 Jan 2002 15:30:54 -0500
Subject: No response on some https connections through natd/pppoe gateway
Message-ID: <20020130203053.GB15658@panix.com>

Hi,

I have the following setup:

  +-----------+     +-----------+     +--------------+   +------------+
--| DSL Modem |--- ep0 FreeBSD wi0 ---| Access Point |---fxp0 FreeBSD |
  |           |     |  laptop   |     |              |   | workstation|
  +-----------+     +-----------+     +--------------+   +------------+

The laptop serves as a firewall and gateway machine. The DSL link requires PPPoE, so the ep0 interface is configured only to carry the PPPoE packets created by ppp(8). The laptop does nat for the internal network. The problem described below occurs with both natd and ppp's own nat.

The laptop runs 4.1-RELEASE, the workstation 4.4-STABLE (of last week).

For the most part the configuration works perfectly. Up to two other laptops use the wireless network. The problem I am outlining occurs with at least one of them.
ppp.conf file from laptop:

default:

panix:
 set device PPPoE:ep0
 set mru 1492
 set mtu 1492
 set authname
 set authkey
 set log Phase tun command
 set dial
 set login
 set ifaddr 10.0.0.1/0 10.0.0.2/0
 add default HISADDR

PROBLEM:

When following certain Web links from the FreeBSD workstation, no page is received. The only pages I am able to reproduce this problem with are https pages - for instance, when trying to log in to Yahoo securely, the page demanding the Security ID is displayed, but after entering the ID, no further response is received.

When performing the same web transactions on the laptop, the pages load normally.

Using the lynx-ssl port shows information on the progress of the page load - specifically the numerous cookie transactions that precede loading the page. All these preliminary actions appear to take place properly, it is only the data load of the page contents that appears to hang.

HYPOTHESIS:

I wonder if this has something to do with window size? I am no expert in tcpdump, but I logged the tun0 device on the laptop for a successful session (from the laptop) and an unsuccessful one (from the workstation). The only significant difference in the packets, up to the point that no more packets passed to the workstation, was the window size. [full tcpdump available on request]:

From laptop:

11:10:47.673435 ip: .1075 > pp1.vip.scv.yahoo.com.https: \
    S 4239492157:4239492157(0) win 16384 (DF)

From workstation:

11:09:06.698165 ip: .4723 > pp1.vip.scv.yahoo.com.https: \
    S 3795938832:3795938832(0) win 65535 (DF)

HELP REQUIRED:

Is my hypothesis valid? If so what can I do? If not what could be causing the problem?

Please reply directly to me, I'm not subscribed to questions.

Thanks,

John

--
Unreal City,
Under the brown fog of a winter dawn,
finger jbrann@panix.com for PGP public key