On Tue, Oct 23, 2001 at 12:09:36PM +0200, Emmanuel Lacour wrote:
> Hi,
>
> It's maybe a little bit off topic, but I think someone in this list can
> help me:
>
> I've got a firewall debian potato, kernel 2.2.17pre6, doing masquerading
> and other rules over an adsl pppoe line. All worked perfectly but since
> two weeks ( without doing any changes ) I'm unable to go to certain
> sites. Tcpdump show me that the connection close in the middle.
> Something like this:
>
>
> 11:36:16.439327 a.b.c.26.https > d.e.f.36.62968: P
> 1269:1340(71) ack 214 win 17307 (DF)
> 11:36:16.495429 d.e.f.36.62969 > a.b.c.21.www: S
> 10634093:10634093(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
> 11:36:16.571944 d.e.f.36.62968 > a.b.c.26.https: . ack 1340
> win 7421 (DF)
> 11:36:16.591005 a.b.c.21.www > d.e.f.36.62969: S
> 3660606280:3660606280(0) ack 10634094 win 17520 <mss
> 1460,nop,nop,sackOK> (DF)
> 11:36:16.591218 d.e.f.36.62969 > a.b.c.21.www: . ack 1 win
> 8760 (DF)
> 11:36:16.591569 d.e.f.36.62969 > a.b.c.21.www: P 1:267(266)
---------------------------------Snip--------------------------
Ok , to close this message (out of list topics), I just explain how I
solved my problem.
A few days ago I was playing with ipsec and adsl pppoe. This was a mtu
problem so I played with clampmss fragicmp overridemtu in rp-pppoe and
ipsec.conf.
And I leaved pppoe.conf with a clampmss=no.
I set it to 1412 and now all works perfectly.
The end.
--
Easter-eggs Sp�cialiste GNU/Linux
44-46 rue de l'Ouest - 75014 Paris - France - M�tro Gait�
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com
PGP signature
