Timothy J. Massey wrote:
Things will generally work themselves out, if everyone involved properly supports TCP/IP networking. The problems you describe are symptomatic of Microsoft (motto: We don't understand how TCP works) networking, and broken MTU path discovery in general. Dig through the support archives for any WAN tunneling product (that wraps packets and hence affects the end-to-end MTU), and you'll find *LOTS* of references to Microsoft's broken MTU path discovery, and broken PMTU discovery in general. See for example:
http://lists.freeswan.org/pipermail/users/2002-October/015429.html

Hello!

I am an idiot. I'm pretty sure this is a PPPoE connection: it's from a 3rd party reseller, but they're just reselling good old SBC/Ameritech DSL, and screwing the customer with PPPoE. The DSL router hides most of the PPPoE hassle (login, et al.), but the MTU is still there...

The part I don't get is twofold: 1) Why does it work sometimes? and 2) Why does normal browsing work just fine? I've dealt with PPPoE/MTU-type problems before, and they've killed both incoming and outgoing connections. Of course, that was with another (non-Linux) firewall product. But I still don't know why it works for outgoing (NAT) stuff.
Browsing probably works fine because you're sending small packets that don't have to be fragmented. The problems arise when large packets are sent with the "don't fragment" IP header option set, and the sending box either ignores or never receives the ICMP error messages about the packet being too large...

As long as the packets are TCP and can be fragmented, all you're doing is slowing down the link (added latency due to packet fragmentation/reassembly), but things should still work. Why your outbound traffic would get dropped is still strange, since it shouldn't generally have the don't fragment option set, but that's the first thing I'd verify (with a sniffer or something). If the don't fragment option is set, you can go about trying to find out why and how to change this (OS dependent). If the don't fragment option is *NOT* set, and you're still having packets dropped, you'll definitely want to figure out what is actually causing the traffic to be blocked... my first guess would be firewall rules.
--
Charles Steinkuehler
[EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
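
Added example (not part of the original message or of the LEAF project): a small Python check for the two things the reply says to verify in a capture, namely whether a packet carries the "don't fragment" bit and whether an ICMP "fragmentation needed" error (type 3, code 4) is coming back with a next-hop MTU. The sample packets, the addresses and the 1492 MTU value are constructed for illustration.

```python
import struct

def ipv4_summary(pkt: bytes) -> dict:
    """Parse a raw IPv4 packet and report the fields relevant to PMTU discovery."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    info = {
        "total_len": total_len,
        "df": bool(flags_frag & 0x4000),           # don't fragment
        "mf": bool(flags_frag & 0x2000),           # more fragments follow
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # offset in bytes
        "proto": pkt[9],
        "frag_needed_mtu": None,
    }
    # ICMP type 3 code 4 is "fragmentation needed and DF set" (RFC 792);
    # RFC 1191 carries the next-hop MTU in bytes 6-7 of the ICMP header.
    if info["proto"] == 1 and len(pkt) >= ihl + 8:
        if (pkt[ihl], pkt[ihl + 1]) == (3, 4):
            info["frag_needed_mtu"] = struct.unpack("!H", pkt[ihl + 6:ihl + 8])[0]
    return info

def build_ipv4(total_len, flags_frag, proto, payload=b""):
    """Constructed sample packet: checksum left at 0, documentation addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, flags_frag,
                      64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

# Constructed samples: a full-size TCP packet with DF set, the ICMP error a
# router on a smaller-MTU link would send back for it, and a first fragment.
BIG_TCP_DF = build_ipv4(1500, 0x4000, 6)
ICMP_FRAG_NEEDED = build_ipv4(
    56, 0, 1,
    struct.pack("!BBHHH", 3, 4, 0, 0, 1492) + BIG_TCP_DF[:20] + b"\x00" * 8)
FIRST_FRAGMENT = build_ipv4(1492, 0x2000, 6)

if __name__ == "__main__":
    for name, pkt in [("big TCP, DF set", BIG_TCP_DF),
                      ("ICMP frag needed", ICMP_FRAG_NEEDED),
                      ("first fragment", FIRST_FRAGMENT)]:
        print(name, ipv4_summary(pkt))
```

If large DF-marked packets leave the box and no type 3 code 4 replies ever show up in the capture, the ICMP errors are being dropped somewhere on the path, which is the situation the reply describes.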
