On Mon, 09/12/2011, 14.45 +0200, Frank Heydlauf wrote:

> Hi Odette,
> 
> On Mon, Sep 12, 2011 at 02:32:10PM +0200, Odette Nsaka wrote:
> > Please, did anybody experience any similar behaviour?
> > Suggestions? Should I stay on 1.2.3?
> 
> I've seen such things caused by mismatching MTU size.
> As long as you use small packets (SMTP handshake) 
> everything looks OK - with larger packets (data part)
> the connection breaks.


That makes sense. I've been playing around with the MTU values, setting
them small, but it did not make any difference.

> 
> Do you have automatic PMTUD enabled? - in particular,
> the required ICMPs allowed? ...


I know that in PF the default policy is to block everything coming into
the WAN interface. Anyway, to avoid some possible errors, I usually set
the last line in the firewall chains as "drop everything". (block
any/any)
The same I did in the WAN FW rules page: the last rule is "block
everything", and I have no rules to allow incoming ICMP packets. 

AFAIK PMTUD should be enabled by default in PF. Are the ICMP type=3
code=4 packets ("Fragmentation needed but no frag. bit set"  AKA PMTUD)
allowed to come in? I don't see anything related to this
in /tmp/rules.debug.
Does the last "block everything" rule block also the PMTUD packets?

Was it different in 1.2.3? The question is: why, with the same
configuration, is everything working in 1.2.3 but not in 2.0? What are
the changes related to this strange behaviour?


> BTW - this would be a generic firewall+DSL problem - not
> specific to PF.


Once again (sorry), if it were not related to PF, I cannot understand why
two different versions of PF, in the same environment and with the same
configuration, behave differently.

Odette

_______________________________________________
List mailing list
http://lists.pfsense.org/mailman/listinfo/list