pfsense NAT, Port forwarding or Openvpn is not working finally.... have lots struggle
On Mon, Jul 25, 2011 at 6:54 AM, Dave Donovan <[email protected]>wrote: > On Fri, Jul 8, 2011 at 1:27 AM, Johan Hendriks > <[email protected]> wrote: > > Yesterday i decided to try PFSense 2.0 RC3 on our ADSL line. > > It all looked good, i could import the old config from the 1.2.3 version > and > > it started up fine. > > > > The i get some phone calls, people good not load web pages, and some did > > load partially. > > > > I did some other test, and indeed, freshport.org, freshsource.org and > > freebsd.org all loaded well, but other sites, like nu.nl and > mountainbike.nl > > did not load. > > I could ping those site's by the way, so ping www.nu.nl worked fine > > Hi Johan, > > Did you get this worked out? If not, try setting the MTU on your WAN > interface to something like 1452. > > To confirm that this is the issue, try the following from a Windows > command line: > ping nu.nl -l 1500 > ping nu.nl -l 1452 > > The first command confirms that it fails with a full size packet. The > second command demonstrates that it works with a smaller packet. > > The short story on this is that the maximum packet size is 1500 but > PPPOE (which is used on your ADSL connection) adds another 8 bytes. > The reason it worked with your pings is that those packets are small > (<200 bytes) so that when PPPOE tacks on another 8 bytes, they're > still below the max. > > The often recommended number for MTU is 1492 (1500 - 8) but I tried > pinging that site with a 1492 byte packet and it failed. Maybe there > are other PPOE links in between us and them and this adds more > overhead? I'm not sure. Perhaps one of the wizards on this list has > the answer. > > I'm not a guru at this stuff so I may be wrong. I hope this solves > your problem, maybe you could reply to the list and let us know what > setting fixes it. > > I hope this helps, > > Dave > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > >
