On Tuesday, 10 May 2005 00:42, Frank de Bot wrote:
Hi,
I got my FreeBSD set up to do NAT, but it doesn't work 100%. Sites like
Google, for instance, do work, but many others don't. All other protocols
I guess you're using an A-DSL line with PPPoE, right?
If so, see tcp-mss fix. PPPoE
Seeing snippet of your firewall rules is not giving us enough info
to work on.
You have to post complete rule set because of the way rules are
processed.
Also an explanation of your private network layout and how you
connect to the internet is needed.
List sites you can not access.
Emanuel Strobl wrote:
On Tuesday, 10 May 2005 00:42, Frank de Bot wrote:
Hi,
I got my FreeBSD set up to do NAT, but it doesn't work 100%. Sites like
Google, for instance, do work, but many others don't. All other protocols
I guess you're using an A-DSL line with PPPoE, right?
If so, see tcp-mss
The ipfw rules standing without any other rules and '65535 allow ip from
any to any' as last rule give the same behaviour. So it's not a
firewall case.
The network layout is posted in my reaction to Emanuel.
Sites I can't access are:
www.tweakers.net
www.fok.nl
www.yahoo.com
On Tuesday, 10 May 2005 01:04, Frank de Bot wrote:
Emanuel Strobl wrote:
On Tuesday, 10 May 2005 00:42, Frank de Bot wrote:
Hi,
I got my FreeBSD set up to do NAT, but it doesn't work 100%. Sites
like Google, for instance, do work, but many others don't. All other
protocols
I
Emanuel Strobl wrote:
The problem is the same: IP-IP tunneling reduces TCP's MSS, which the Linux
box doesn't fix. ICMP will work of course, TCP with full payload won't.
I don't know how/why you tunnel IP into IP on that Linux box, but that's
the point where you have to dig.
Good luck,
-Harry
On Tuesday, 10 May 2005 01:19, Frank de Bot wrote:
Emanuel Strobl wrote:
The problem is the same: IP-IP tunneling reduces TCP's MSS, which the
Linux box doesn't fix. ICMP will work of course, TCP with full payload
won't. I don't know how/why you tunnel IP into IP on that Linux box,
but