Serban Giuroiu wrote:
> I have an OpenBSD 3.7 box set up as a router and
> server for my home network. It connects to the
> Internet through the kernel PPPoE driver. Naturally, I
> use pf on that box. Everything runs smoothly, but
> there are certain websites that do not load properly
> from machines behind the NAT router.
>
> When trying to access http://mail.yahoo.com or
> http://linuxhardware.org, an initial connection is
> made, but no further data comes in as the web browser
> sits and waits. However, if I open those pages in lynx
> from the OpenBSD box, they load without any problems.
> Most other websites load correctly from all machines
> on my network.
>
> Searching Google, I found a similar problem posted to
> this list a couple years ago in which an MTU setting
> and fragmentation were the cause of the strange
> behavior
> (http://www.monkey.org/openbsd/archive/tech/0211/msg00163.html).
> The poster added "scrub out all no-df max-mss 1452" to
> his pf configuration and that fixed his problem.
>
> As recommended in the pppoe(4) man page, I set the MSS
> for the pppoe interface to 1440. I played around with
> different MSS's and scrubbing out the DF bit, but my
> problem remains. Does anyone know what is causing this
> strange problem and how to fix it?
>
> My pf.conf (without queueing rules and bloat) looks
> like this:
> -------------------------------------------------------
> ppp = "pppoe0"
>
> table <internal> { 172.16.0.0/22 }
>
> scrub random-id
> scrub fragment reassemble
> scrub reassemble tcp
> scrub out on $ppp max-mss 1440

FWIW, my pf.conf does not control this. As per man 4 pppoe, albeit vague, I set the MTU on all my NAT clients to 1492 and have had no issues.

