Date:      Wed, 11 Jul 2001 20:34:17 +1000
From:      Rob Secombe <robseco@teksupport.net.au>
To:        freebsd-isp@freebsd.org
Subject:   Re: Can anyone explain this?
Message-ID:  <3.0.5.32.20010711203417.03722b20@secombe>
In-Reply-To: <3B4729A4.18892.B6CBA25@localhost>
References:  <3.0.5.32.20010708003023.03759b60@secombe>

Hi All,

Thanks to all that replied. In the end I decided to take the path of least
resistance and build a new firewall on 4.3. It appears that thanks to Brian
Somers this is now fixed by default in the latest and greatest userland ppp. 

         [tcp]mssfixup
             Default: Enabled.  This option tells ppp to adjust outgoing TCP
             SYN packets so that the maximum receive segment size is not
             greater than the amount allowed by the interface MTU.

Cheers

Rob


At 15:24 07/07/01 -0400, Gene Bomgardner wrote:
>I had exactly the same problem using 3.4.   Once I upgraded to 4.3 
>everything worked fine.
>
>Gene
>
>
>On 8 Jul 2001, at 0:30, Rob Secombe wrote:
>
>Hi all,
>
>I recently upgraded a customer's link from ISDN using a TA to ADSL
>using the Alcatel Speed Touch Home ADSL modem and pppoe, as supplied
>by the access provider. The machine is acting as a gateway/firewall
>with one NIC connected to the LAN and a second connecting the ADSL
>modem and uses userland ppp -nat and ipfw.
>
>Here is the problem. Everything works fine from the gateway machine to
>any machine on the inside or the outside. Browsing works ok provided
>we use a proxy on the gateway. As soon as we try to forward packets
>across the gateway via ppp nat something goes awry. For instance, if I
>try to collect mail from an external pop server the client will
>establish a connection but will not transfer data. Passive FTP works
>ok from the gateway but not from a workstation on the inside. We were
>ipforwarding external smtp to an internal mail server but that doesn't
>work either. I have temporarily set up sendmail on the gateway to
>route the mail to the internal server, which does work. The weird
>thing is that I can ping hosts across the gateway with varying packet
>sizes, establish a telnet session with a pop server and even manually
>do a 'retr' but if I use a mail client it locks up and the pop server
>drops the connection. The Internal network is not using 'private' ip's
>but the customer owns the class c, it is behind NAT and the network is
>not advertised. I have also tried it with the firewall open but to no
>avail.
>
>Here is the config:
>
>FreeBSD 3.4-RELEASE
>
>ppp.conf
>
>adsl:
> set device PPPoE:rl1
> set mru 1492
> set mtu 1492
> set authname xxxxxxxx
> set authkey xxxxxxxxx
> set speed sync
> enable lqr
> set cd 5
> set dial
> set login
> set redial 0 0
> set ifaddr 0/0 0/0
> add default HISADDR
> nat enable yes
> #nat port tcp 203.34.150.3:25 25
> nat port tcp 203.34.150.3:80 8000
> nat port tcp 203.34.150.2:80 80
> nat port tcp 203.34.150.5:80 8080
> nat port tcp 203.34.150.5:81 8001
> nat port tcp 203.34.150.5:13000 13000
> nat port tcp 203.34.150.5:13001 13001
> nat port tcp 203.34.150.5:13999 13999
>
>ifconfig
>
>rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet 203.34.150.1 netmask 0xffffff00 broadcast 203.34.150.255
>        ether 00:60:67:06:94:0b
>        media: autoselect (100baseTX <half-duplex>)
>        supported media: autoselect 100baseTX <full-duplex> 100baseTX <half-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 10baseT/UTP <half-duplex>
>rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
>        ether 00:60:67:79:61:c2
>        media: autoselect
>        supported media: autoselect 100baseTX <full-duplex> 100baseTX <half-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 10baseT/UTP <half-duplex>
>tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
>        inet xxx.xxx.xxx.xxx --> yyy.yyy.yyy.yyy netmask 0xffffff00
>
>Anybody got any ideas - 'cause I have run out.
>
>Thanks
>
>Rob.
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
>
>
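
The mssfixup behaviour quoted from the ppp manual above, as an added example (not code from ppp or from anyone in this thread): it rewrites the MSS option of a TCP SYN so that it fits the 1492-byte tun0 MTU and patches the TCP checksum incrementally. The limit of MTU minus 40 bytes (IPv4 and TCP base headers), the function names, the peer address 192.0.2.10 and the sample segment are assumptions made for the example.

```python
import struct

IP_TCP_HEADERS = 40                                   # assumption: 20-byte IPv4 + 20-byte TCP header
SRC, DST = bytes([203, 34, 150, 5]), bytes([192, 0, 2, 10])   # constructed endpoints

def fold(s):
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def tcp_checksum(src, dst, seg):                      # seg must carry a zeroed checksum field
    data = src + dst + struct.pack("!BBH", 0, 6, len(seg)) + seg
    data += b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def clamp_mss(seg, mtu):
    """Return (segment, old_mss, new_mss); only a SYN whose MSS exceeds mtu - 40 is rewritten."""
    seg, limit = bytearray(seg), mtu - IP_TCP_HEADERS
    if len(seg) < 20 or not seg[13] & 0x02:           # truncated header, or SYN flag clear
        return bytes(seg), None, None
    i, end = 20, min((seg[12] >> 4) * 4, len(seg))    # data offset bounds the option list
    while i + 1 < end and seg[i] != 0:                # kind 0 ends the option list
        if seg[i] == 1:                               # kind 1 is a one-byte NOP
            i += 1
            continue
        olen = seg[i + 1]
        if olen < 2 or i + olen > end:                # malformed length: leave segment alone
            break
        if seg[i] == 2 and olen == 4:                 # kind 2 is the maximum segment size
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old <= limit:
                return bytes(seg), old, old
            struct.pack_into("!H", seg, i + 2, limit)
            # RFC 1624 incremental checksum update: HC' = ~(~HC + ~m + m')
            words = (old, limit)
            if i % 2:                                 # odd offset straddles two checksum words
                words = tuple(((w & 0xFF) << 8) | (w >> 8) for w in words)
            hc = ~struct.unpack_from("!H", seg, 16)[0] & 0xFFFF
            struct.pack_into("!H", seg, 16, ~fold(hc + (~words[0] & 0xFFFF) + words[1]) & 0xFFFF)
            return bytes(seg), old, limit
        i += olen
    return bytes(seg), None, None

def sample_syn(mss, lead_nop=False):                  # constructed test segment, valid checksum
    opts = struct.pack("!BBH", 2, 4, mss)
    if lead_nop:
        opts = b"\x01" + opts + b"\x01\x01\x00"       # leading NOP puts the MSS at an odd offset
    seg = struct.pack("!HHIIBBHHH", 1025, 110, 1, 0, (5 + len(opts) // 4) << 4, 2, 65535, 0, 0) + opts
    return seg[:16] + struct.pack("!H", tcp_checksum(SRC, DST, seg)) + seg[18:]
```

A LAN host behind rl0 (MTU 1500) advertises an MSS of 1460; `clamp_mss(sample_syn(1460), 1492)` lowers it to 1452, so the replies it solicits fit through the PPPoE link without fragmentation.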
