> > MIZ0 <[EMAIL PROTECTED]> wrote: > > > > > Could be TCP window scaling. See > > > http://en.wikipedia.org/wiki/TCP_window_scale_option > > > Or the plain old PMTUD problem described in > > > > > http://www.cisco.com/en/US/tech/tk870/tk877/tk880/technologies_tech_note09186a008011a218.shtml#backinfo > > > > > > =Adriaan= > > > > Nothing helps. > > I've tried to change client's mtu, even shrinked packets with ng_tcpmss > > - no effect. > > I don't understand why freebsd machines from internal network can't > > establish any TCP connection to external net too. > > Sounds to me like you need to carefully go over your network setup. Have > you verified that the problem machines correctly have all the information > they need: proper netmasks, routers, etc? Run tcpdump on both > interfaces of the gateway and see if that provides any hint. > > I have a strong suspicion that you're looking in the wrong place -- > otherwise you would have found the problem. Are there two DHCP servers > on this network? Wouldn't be the first time I saw that problem mess with > someone's head. > > With the information you've provided so far, we're guessing in the dark. > I doubt that ipfw is the culprit, but it's going to take more information > to be sure. > > > Can ipfw or netgraph detect client's OS type and allow only Windows XP ? =)) > > Potentially, but I can't see it doing that by accident. > > -- > Bill Moran > http://www.potentialtech.com
Network settings are ok, there're no any DHCP server in my net. Router's interfaces. rl0 (ISP): flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet 85.249.249.249 netmask 0xffffff00 broadcast 85.249.249.255 ether 00:11:95:5b:84:47 media: Ethernet autoselect (100baseTX <full-duplex>) status: active fxp0 (Internal Net) flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet 10.0.0.2 netmask 0xffffff80 broadcast 10.0.0.127 ether 00:d0:b7:a0:95:cf media: Ethernet autoselect (100baseTX <full-duplex>) status: active I've run "telnet ya.ru 80" under Windows XP: fxp0: 02:34:04.717756 IP (tos 0x0, ttl 127, id 54374, offset 0, flags [DF], proto: TCP (6), length: 48) 10.0.0.3.2723 > ya.ru.http: S, cksum 0x51a0 (correct), 835980332:835980332(0) win 16384 <mss 512,nop,nop,sackOK> - 02:34:04.755485 IP (tos 0x0, ttl 54, id 5070, offset 0, flags [DF], proto: TCP (6), length: 48) ya.ru.http > 10.0.0.3.2723: S, cksum 0x326f (correct), 3512433525:3512433525(0) ack 835980333 win 4096 <mss 1360,sackOK,eol> - 02:34:04.756316 IP (tos 0x0, ttl 127, id 54375, offset 0, flags [DF], proto: TCP (6), length: 40) 10.0.0.3.2723 > ya.ru.http: ., cksum 0x28be (correct), ack 1 win 17680 rl0: 02:34:04.720584 IP (tos 0x0, ttl 126, id 54374, offset 0, flags [DF], proto: TCP (6), length: 48) 85.249.249.249.2723 > ya.ru.http: S, cksum 0x5221 (correct), 835980332:835980332(0) win 16384 <mss 512,nop,nop,sackOK> - 02:34:04.754547 IP (tos 0x0, ttl 55, id 5070, offset 0, flags [DF], proto: TCP (6), length: 48) ya.ru.http > 85.249.249.249.2723: S, cksum 0x32f0 (correct), 3512433525:3512433525(0) ack 835980333 win 4096 <mss 1360,sackOK,eol> - 02:34:04.758703 IP (tos 0x0, ttl 126, id 54375, offset 0, flags [DF], proto: TCP (6), length: 40) 85.249.249.249.2723 > ya.ru.http: ., cksum 0x293f (correct), ack 1 win 17680 And now i've trying to "telnet ya.ru 80" under FreeBSD (i used ip 10.0.0.3 instead of WinXP) fxp0: 02:09:52.627482 IP (tos 0x10, ttl 64, id 3657, offset 0, flags [none], proto: TCP (6), length: 64) 10.0.0.3.61654 > ya.ru.http: S, cksum 0x319a (correct), 2498390137:2498390137(0) win 65535 <mss 512,nop,wscale 1,nop,nop,timestamp 76265599 0,sackOK,eol> *******It repeats 3-5 times, then "telnet" returns "Connection Timed Out" error*********** rl0: 02:09:52.631529 IP (tos 0x10, ttl 63, id 3657, offset 0, flags [none], proto: TCP (6), length: 64) 85.249.249.249.61654 > ya.ru.http: S, cksum 0x321b (correct), 2498390137:2498390137(0) win 65535 <mss 512,nop,wscale 1,nop,nop,timestamp 76265599 0,sackOK,eol> - 02:09:52.665396 IP (tos 0x0, ttl 55, id 27777, offset 0, flags [DF], proto: TCP (6), length: 64) ya.ru.http > 85.249.249.249.61654: S, cksum 0x077a (correct), 45449397:45449397(0) ack 2498390138 win 4096 <mss 1360,nop,wscale 0,nop,nop,timestamp 1643393506 76265599,sackOK,eol> - 02:09:52.665423 IP (tos 0x0, ttl 64, id 56014, offset 0, flags [DF], proto: TCP (6), length: 40) 85.249.249.249.61654 > ya.ru.http: R, cksum 0x6450 (correct), 2498390138:2498390138(0) win 0 I gave up =( _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"