Wooky, just a hunch here. But about 2 years ago we had this problem with a FreeBSD box. pinging sites worked fine but when we tried to ftp or http we got broken and hung sites. Turns out that the proxy set up on it set the Fragmentation config to <1500 don't fragment >1500 fragment... now if you notice there is nothing specified for 1500 So when we reset our boxes to 1471 (packet + 8bytes of ICMP header + 20 bytes packet data) pings went through... at 1472 they got popped into the land of confusion.
Try this ping -s 1472 xxx.com and see what happens... play around a bit with this to find the range. But it sounds like to me it's blocking and or dropping large packets but letting small ones like a normal ping (56 + 8 or 64byte) packets through just fine. Normally ping -s 1472 xxx.com works but ping -s 1473 xxx.com gets dropped... BUT if the forget the equal on 1500 then 1471 is as large as you can go on the ping. The other chance is that it's blocking anything over 1500 MTU and as a result if your box is set with MTU 1500 and there is any overhead added it could well slow you down. or block you all together. (Do not fragment might do this) Reseting MTU size is something I'd have to look up... like I said it's been two years... James On Fri, 2002-11-15 at 15:12, Jeferson Lopes Zacco wrote: > Todd Lyons wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Jeferson Lopes Zacco wrote on Wed, Nov 13, 2002 at 07:59:19PM -0200 : > > > >>yep it is. SainTiss told me that in the newbie list (thanks!). As I > >>said, I can ping/resolve hosts fromthe client, but it does not transfer > >>(large chunks of?) data. Weird. Perhaps it has smthing to do with msec? > >> > > > > Define "transfer". Does http work? Does ftp not work? Does rsync > > work? Does ssh work? > > > > I suspect that you need to modprobe the ip_conntrack_ftp and ip_nat_ftp > > modules. > Humm not really. The modules get loaded (the script takes care of that). > > > Basically I am interested in http and ftp. http/ftp transactions do not > work properly; i.e, I can't download a full webpage, I can't ls in an > ftp site. The packets simply do not arrive. This looks like a > MTU/MRU/MSS related problem, BUT, what annoys me is that everything > works fine in MDK 8.1. And the configuration is identical. > > > > Wooky -- James Sparenberg <[EMAIL PROTECTED]>
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com