Date:      Wed, 30 Jan 2002 20:56:04 -0500
From:      John Brann <john@brann.org>
To:        questions@freebsd.org
Subject:   No response on some https connections through NAT
Message-ID:  <20020130205604.A74375@freebie.brann.org>

Hi,

I have the following setup:

   +-----------+     +-----------+     +--------------+    +------------+
 --| DSL Modem |--- ep0 FreeBSD wi0 ---| Access Point |---fxp0  FreeBSD |
   |           |     |  laptop   |     |              |    | workstation|
   +-----------+     +-----------+     +--------------+    +------------+

The laptop serves as a firewall and gateway machine.  The DSL link requires
PPPoE, so the ep0 interface is configured only to carry the PPPoE packets
created by ppp(8). The laptop does NAT for the internal network.  The
problem described below occurs with both natd and ppp's own NAT.

The laptop runs 4.1-RELEASE, the workstation 4.4-STABLE (of last week).

For the most part the configuration works perfectly.  Up to two other
laptops use the wireless network.  The problem I am outlining occurs with
at least one of them.

ppp.conf file from laptop:

default:
panix:
set device PPPoE:ep0
set mru 1492
set mtu 1492
set authname <my name>
set authkey <my password>
set log Phase tun command
set dial
set login
set ifaddr 10.0.0.1/0 10.0.0.2/0
add default HISADDR


PROBLEM:

When following certain Web links from the FreeBSD workstation, no page is
received.

The only pages I am able to reproduce this problem with are https pages -
for instance, when trying to log in to Yahoo securely, the page demanding
the Security ID is displayed, but after entering the ID, no further response
is received.

When performing the same web transactions on the laptop, the pages load
normally.

Using the lynx-ssl port shows information on the progress of the page load -
specifically the numerous cookie transactions that precede loading the page.
All these preliminary actions appear to take place properly, it is only the
data load of the page contents that appears to hang.

HYPOTHESIS:

I wonder if this has something to do with window or max segment size?

I am no expert in tcpdump, but I logged the tun0 device on the laptop for
a successful session (from the laptop) and an unsuccessful one (from the
workstation).  The only significant difference in the packets, up to the
point that no more packets passed to the workstation, was the window and
max segment sizes.
[full tcpdumps available on request]:

from laptop:
11:10:47.673435 ip: <my address>.1075 > pp1.vip.scv.yahoo.com.https: \
S 4239492157:4239492157(0) win 16384 <mss 1452,nop,wscale 0,nop,nop,timestamp\
8990504 0> (DF)

From workstation:
11:09:06.698165 ip: <my address>.4723 > pp1.vip.scv.yahoo.com.https: \
S 3795938832:3795938832(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp\
60657991 0> (DF)

HELP REQUIRED:

Is my hypothesis valid?
If so what can I do?

If not what could be causing the problem?


Please reply directly to me, I'm not subscribed to questions.

Thanks,

John

-- 
        Unreal City,
     Under the brown fog of a winter dawn,

finger jbrann@panix.com for pgp public key
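The hypothesis in the message is that the two SYNs differ in MSS and window size, and that this matters on a 1492-byte PPPoE link. The following script is an added example, not code from the original post or from the FreeBSD ppp/natd projects. It parses the two tcpdump SYN lines quoted above (with the placeholder address 192.0.2.1 substituted for "<my address>"), derives the PPPoE MTU from the Ethernet MTU, and reports for each SYN whether a full-size segment of the advertised MSS would fit through the tunnel and what an MSS-clamping gateway would rewrite the option to. The header sizes (20-byte IPv4, 20-byte TCP) and the 8 bytes of PPPoE plus PPP overhead are standard values; the sample lines are constructed from the post.

```python
"""Check whether TCP SYN options seen at a PPPoE/NAT gateway fit the tunnel.

Added example, not from the original mailing-list post.  Parses tcpdump 3.x
style SYN lines and computes, for a given link MTU, whether the advertised
MSS can pass without fragmentation and what an MSS-clamping gateway would
rewrite it to.
"""
import re

IP_HDR = 20    # IPv4 header without options
TCP_HDR = 20   # TCP header without options (options reduce payload, not size)

# Constructed sample input: the two SYNs quoted in the post, one per line,
# with 192.0.2.1 standing in for the poster's real address.
SAMPLE_SYNS = """\
11:10:47.673435 ip: 192.0.2.1.1075 > pp1.vip.scv.yahoo.com.https: S 4239492157:4239492157(0) win 16384 <mss 1452,nop,wscale 0,nop,nop,timestamp 8990504 0> (DF)
11:09:06.698165 ip: 192.0.2.1.4723 > pp1.vip.scv.yahoo.com.https: S 3795938832:3795938832(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 60657991 0> (DF)
"""

# tcpdump 3.x text format: "<ts> ip: <src> > <dst>: S <seq>:<seq>(0) win <w> <opts> (DF)"
SYN_RE = re.compile(
    r"^(?P<ts>\S+) ip: (?P<src>\S+) > (?P<dst>\S+): S "
    r"(?P<seq>\d+):\d+\(0\) win (?P<win>\d+) <(?P<opts>[^>]*)>(?P<df> \(DF\))?"
)


def pppoe_mtu(ethernet_mtu=1500):
    """MTU of a PPPoE link: Ethernet payload minus PPPoE (6) and PPP (2) headers."""
    return ethernet_mtu - 6 - 2


def max_mss(link_mtu):
    """Largest MSS whose full-size segment (IP + TCP + payload) fits in link_mtu."""
    return link_mtu - IP_HDR - TCP_HDR


def parse_syn(line):
    """Extract the fields relevant to path-MTU problems from one SYN line."""
    m = SYN_RE.match(line)
    if not m:
        raise ValueError("not a tcpdump SYN line: %r" % line)
    opts = {}
    for opt in m.group("opts").split(","):
        parts = opt.split()
        if parts[0] == "mss":
            opts["mss"] = int(parts[1])
        elif parts[0] == "wscale":
            opts["wscale"] = int(parts[1])
    return {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "win": int(m.group("win")),
        "df": m.group("df") is not None,     # DF set: no fragmentation allowed
        "mss": opts.get("mss", 536),         # RFC default when the option is absent
        "wscale": opts.get("wscale", 0),
    }


def assess(syn, link_mtu):
    """Return (full_segment_bytes, fits, clamped_mss) for this SYN over link_mtu.

    full_segment_bytes is the size of a maximal segment the peer may send back;
    fits is whether that passes the link unfragmented; clamped_mss is what an
    MSS-rewriting gateway would put in the SYN instead.
    """
    full = syn["mss"] + IP_HDR + TCP_HDR
    return full, full <= link_mtu, min(syn["mss"], max_mss(link_mtu))


def assess_all(text, link_mtu):
    """Assess every SYN line in text; returns one dict per line."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        syn = parse_syn(line)
        full, fits, clamped = assess(syn, link_mtu)
        results.append({"src": syn["src"], "mss": syn["mss"], "df": syn["df"],
                        "segment": full, "fits": fits, "clamped_mss": clamped})
    return results


if __name__ == "__main__":
    mtu = pppoe_mtu()
    print("PPPoE MTU %d, largest MSS that fits: %d" % (mtu, max_mss(mtu)))
    for r in assess_all(SAMPLE_SYNS, mtu):
        print("%s mss %d -> %d-byte segments, %s, DF=%s, clamp to %d" % (
            r["src"], r["mss"], r["segment"],
            "fits" if r["fits"] else "TOO BIG", r["df"], r["clamped_mss"]))
```

Run against the two SYNs, the laptop's MSS of 1452 yields 1492-byte segments that exactly fit the tunnel, while the workstation's MSS of 1460 invites 1500-byte replies that do not; with DF set on the connection, those replies can only pass if the gateway sends ICMP "fragmentation needed" and the remote host honours it, which is the classic pattern of a handshake that completes and a bulk transfer that stalls. Rewriting the MSS in forwarded SYNs to the clamped value is the usual gateway-side fix; in ppp(8) releases that support it this is the `enable tcpmssfixup` option.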
