Tom Oehser <[EMAIL PROTECTED]> wrote:
>
> How could some HTTP sites masquerade, and others fail? I'm confused.
This problem is often caused by IP fragmentation problems. The site
that you connect to is trying to send large amounts of data quickly,
more than will fit into a single ethernet packet. When the packet is
fragmented, something along the link is dropping the extra fragments.
One thing that can cause this is a 2.0 kernel as your masq box, in which
the CONFIG_IP_ALWAYS_DEFRAG option was not specified. Since fragments
do not carry port information, they cannot be masqueraded, and you'll
end up dropping them. If they are reassambled on the masq box, they can
be demasqueraded without loss.
Another thing, more nebulous, that can cause this is the use of a
setting other then "1500" for your MTU size in your PPP configuration.
I recommend that if you have already turned on CONFIG_IP_ALWAYS_DEFRAG,
that you further go ahead and try adding "mtu 1500" to your pppd options
list, and see if that has any effect. Many people find that it does.
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
