2005/12/7, Stuart Henderson <[EMAIL PROTECTED]>: > >> Your test with 'telnet' gives small enough packets that it probably > >> won't be affected by PMTU problems. > > > > The conclusion that my problem is not PMTU related did not come > > from the telnet test. From what I've read on this, I think that > > descreasing the mtu on my side enough should remove the problem > > due to smaller MSS value sent to the server. > > You'll either need to reduce MTU on the end-host (not on the box doing > NAT), or (easier) use the max-mss option in pf.conf.
Yes, I did that too. In fact, not being sure on which interface should the MTU be altered, I tried to set the MTU on both interfaces of the NAT machine and also on the interface of the client machine to 576. Unfortunately, it did not help, thus my conclusion that the problem is not PMTU related, at least not at my side. If I make a wrong conclusion somewhere, please correct me - I am no network guru, and even if I were I could be wrong still. :) I thought the PMTU problem could be somewhere between me and arenabg.com, at my ISP for example. But if the problem is there no single client of that provider would not have access to this site and this is not true. Am I right on this? I thought some scrub configuration in pf.conf might be causing the problem and tried few scrub settings (including scrubbing disabled), but it did not help either. > > The MTU value on the box doing NAT won't change the MSS on the NATted > packets, it only affects packets coming from the box itself. > > > See above. :) > > Ah, I see now (:
