Date: Sun, 26 Mar 2000 17:30:11 -1000 (HST) From: Vincent Poy <vince@oahu.WURLDLINK.NET> To: Michael Wozniak <mwozniak@netcom.ca> Cc: freebsd-net@FreeBSD.ORG Subject: RE: PPP/PPPOE and NAT Message-ID: <Pine.BSF.4.21.0003261728080.45830-100000@oahu.WURLDLINK.NET> In-Reply-To: <001101bf974a$86b13e00$0a80a8c0@mwozniak.uniservers.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 26 Mar 2000, Michael Wozniak wrote: Actually, the number could be as high as 1492 for the PPPoE as far as the RFC is concerned. Also, on the Windows machine, you may want to increase the Receive Window size to 32767. Speaking about FreeBSD as a NAT router, can it do port mapping so that it will sense which machine sent the request for apps like dialpad instead of mapping to a certain machine only? Since I noticed that Linux seems to have the triggered mapping support. Cheers, Vince - vince@WURLDLINK.NET - Vice President ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] WurldLink Corporation / / / / | / | __] ] San Francisco - Honolulu - Hong Kong / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____] Almighty1@IRC - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin > Bob, > > What you have created/encountered is a called a "Black Hole" router. > 98 is sending TCP packets with a requested segment size too big to > fit into a PPPoE frame (MTU is 1500 by default for ethernet) AND > have the "don't fragment" bit set (default of TCP) and the Telco > router is not sending ICMP "must fragment" back to the www site > you are trying to load. When the www server is sending you frames > that don't fit into the PPPoE pipe the Telco router drops them on > the floor and your page doesn't load (some pages/graphics do as they > are smaller than a MSS.) This seems to be the default of most Telco > PPPoE configurations (if only they knew how to program a router... > sigh...) > > One fix is to use regedit on your 95/98 boxes to add the following > registry entry... > > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans\0000\Max > MTU > > It should be a string with a value "1450" (more accurately it > should be "1464" to fit TCP packets into a PPPoE frame perfectly > but the 1450 gives you a margin of error for other IP protocols > you may encounter.) > > Refer to MS KB # "Q158474 - Windows TCPIP Registry Entries" and > "Q120642 - TCPIP & NBT Configuration Parameters for Windows NT" > for more information on changing Windoze MTU to work with a > FreeBSD/NAT/PPPoE router. > > Mike > > > -----Original Message----- > > From: owner-freebsd-net@FreeBSD.ORG > > [mailto:owner-freebsd-net@FreeBSD.ORG]On Behalf Of Bob Fayne > > Sent: Sunday, March 26, 2000 11:48 AM > > To: freebsd-net@FreeBSD.ORG > > Subject: PPP/PPPOE and NAT > > > > > > I've also been having a lot of trouble using NAT over a PPPoE > > connection. > > > > I'm using 3.4-RELEASE and noticed the problems right away. > > They still show > > up with the 0326-ppp. It seems like it's some sort of > > fragmentation issue. > > Most of my experience is with straight ethernet and not ppp. > > Anyway here's > > my ppp.conf... > > > > > > default: > > set device PPPoE:de0 > > set log Error Alert Warning Phase Chat IPCP CCP tun command > > set dial > > set timeout 60 > > set ifaddr 0.0.0.0 > > set cd 5 > > enable dns > > accept PAP > > set speed sync > > add 0 0 HISADDR > > enable lqr > > set redial 0 0 > > nat enable yes > > nat log yes > > set mru 1492 > > set mtu 1492 > > > > Bell: > > set authname xxxxxx > > set authkey yyyyyy > > > > > > I issue the command "ppp -ddial -nat Bell" as root and it > > connects just fine. > > Speed looks fine, pages load quickly, etc. But when I use > > Windows98 clients > > with the NAT, it doesn't go so well. > > > > The symptoms range from pretty much none with some pages > > (www.ibm.com), to > > missing banners(www.intellicast.com) to nothing at all with > > most pages. > > I used www.hp.com as a test. > > > > I did some tcpdumps to try and see where the break is. This > > is what I get > > when I try to load a page using the dsl connection: > > > > 08:19:00.716742 111.111.1.1.1105 > 192.151.11.32.80: S > > 1471379:1471379(0) > > win 8192 <mss 1460,nop,nop,sackOK> (DF) > > 08:19:00.813355 192.151.11.32.80 > 111.111.1.1.1105: S > > 31360000:31360000(0) > > ack 1471380 win 32768 <mss 1460> (DF) > > 08:19:00.813802 111.111.1.1.1105 > 192.151.11.32.80: . ack 1 > > win 8760 (DF) > > 08:19:00.817677 111.111.1.1.1105 > 192.151.11.32.80: P > > 1:354(353) ack 1 win > > 8760 (DF) > > 08:19:03.723892 111.111.1.1.1105 > 192.151.11.32.80: P > > 1:354(353) ack 1 win > > 8760 (DF) > > 08:19:03.870080 192.151.11.32.80 > 111.111.1.1.1105: . ack > > 354 win 32768 (DF) > > > > When I change the default route on this box to be the cable > > interface, this > > is what I get: > > > > 07:43:47.122168 111.111.1.1.1037 > 192.151.11.32.80: S > > 629054:629054(0) win > > 8192 <mss 1460,nop,nop,sackOK> (DF) > > 07:43:50.027428 111.111.1.1.1037 > 192.151.11.32.80: S > > 629054:629054(0) win > > 8192 <mss 1460,nop,nop,sackOK> (DF) > > 07:43:50.107253 192.151.11.32.80 > 111.111.1.1.1037: S > > 88448000:88448000(0) > > ack 629055 win 32768 <mss 1460> (DF) > > 07:43:50.107411 111.111.1.1.1037 > 192.151.11.32.80: . ack 1 > > win 8760 (DF) > > 07:43:50.110678 111.111.1.1.1037 > 192.151.11.32.80: P > > 1:354(353) ack 1 win > > 8760 (DF) > > 07:43:50.193727 192.151.11.32.80 > 111.111.1.1.1037: . ack > > 354 win 32768 (DF) > > 07:43:50.201616 192.151.11.32.80 > 111.111.1.1.1037: . > > 1:1461(1460) ack 354 > > win 32768 (DF) > > 07:43:50.202799 192.151.11.32.80 > 111.111.1.1.1037: . > > 1461:2921(1460) ack > > 354 win 32768 (DF) > > 07:43:50.203198 111.111.1.1.1037 > 192.151.11.32.80: . ack > > 2921 win 8760 (DF) > > 07:43:50.284190 192.151.11.32.80 > 111.111.1.1.1037: . > > 2921:4381(1460) ack > > 354 win 32768 (DF) > > 07:43:50.285364 192.151.11.32.80 > 111.111.1.1.1037: . > > 4381:5841(1460) ack > > 354 win 32768 (DF) > > 07:43:50.285781 111.111.1.1.1037 > 192.151.11.32.80: . ack > > 5841 win 8760 (DF) > > 07:43:50.286605 192.151.11.32.80 > 111.111.1.1.1037: . > > 5841:7301(1460) ack > > 354 win 32768 (DF) > > 07:43:50.364794 192.151.11.32.80 > 111.111.1.1.1037: . > > 7301:8761(1460) ack > > 354 win 32768 (DF) > > 07:43:50.365226 111.111.1.1.1037 > 192.151.11.32.80: . ack > > 8761 win 8760 (DF) > > 07:43:50.365996 192.151.11.32.80 > 111.111.1.1.1037: . > > 8761:10221(1460) ack > > 354 win 32768 (DF) > > 07:43:50.367277 192.151.11.32.80 > 111.111.1.1.1037: . > > 10221:11681(1460) > > ack 354 win 32768 (DF) > > 07:43:50.367667 111.111.1.1.1037 > 192.151.11.32.80: . ack > > 11681 win 8760 (DF) > > 07:43:50.399393 111.111.1.1.1038 > 192.151.11.32.80: S > > 632332:632332(0) win > > 8192 <mss 1460,nop,nop,sackOK> (DF) > > 07:43:50.400059 111.111.1.1.1039 > 192.151.11.32.80: S > > 632332:632332(0) win > > 8192 <mss 1460,nop,nop,sackOK> (DF) > > 07:43:50.400670 111.111.1.1.1040 > 192.151.11.32.80: S > > 632333:632333(0) win > > 8192 <mss 1460,nop,nop,sackOK> (DF) > > 07:43:50.444329 192.151.11.32.80 > 111.111.1.1.1037: . > > 11681:13141(1460) > > ack 354 win 32768 (DF) > > 07:43:50.445530 192.151.11.32.80 > 111.111.1.1.1037: . > > 13141:14601(1460) > > ack 354 win 32768 (DF) > > 07:43:50.445944 111.111.1.1.1037 > 192.151.11.32.80: . ack > > 14601 win 8760 (DF) > > 07:43:50.446788 192.151.11.32.80 > 111.111.1.1.1037: . > > 14601:16061(1460) > > ack 354 win 32768 (DF) > > > > Any help in getting this working will be appreciated. :) > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-net" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0003261728080.45830-100000>