
Re: sudden problems with masqueraded connections over a t-dsl line



On Tue, 11 Jun 2002 22:07:59 +0200
"Peter Lieven" <pl@dlh.net> wrote:

> since friday my isp german telekom changed some configuration in their
> routers.
My English is bad, I'm sorry. I hope you can understand it.

My network showed the same behaviour some weeks ago.
The problem is the MTU (Maximum Transfer Unit) on your Linux clients.
The usual Ethernet config uses 1500 bytes.
Everything would be fine, but for the dial-up technique your ISP provider
needs PPPoE. PPPoE needs 8 additional bytes, so you have a size of 1508.

The server of your provider you are connected to only allows a size of
1500. 1500 - 8 = 1492, so the maximum transfer size of your Linux clients
has to be 1492. Use: ifconfig ethx mtu 1492

If you are using iptables, check the manual for other ways to handle the
oversized packets of your clients.

Your internet server is already configured with this MTU size; take a look
at your ippp0 connection using ifconfig. Every packet is automatically
reduced to this size. (There are never packets with a size of 1508 bytes
being sent to your network cable; this is all very roughly described.)

I can only give you an assumption as to why it happened suddenly.
The Telekom server is a so-called blackhole server. That means it sends
no ICMP message to you. So it doesn't even send a message to you if it has
received an oversized packet. Looks like they changed the behaviour from
sending an ICMP message to sending no ICMP messages.

btw.: I can send packets with an MTU size of 1500 again. Maybe I should check
the incoming ICMP messages :-)

cu
walde







> every time when i connect to remote host through my firewall who is
> masquerading internal connections the connection to the remote host
> freezes after a certain number of bytes has been transferred. i changed
> nothing on my firewall config. i asked the isp to reset my dsl port and
> check their equipment. i also changed the masquerading port range in
> case they want to prevent their customers from masquerading (don't ask
> why). when i ssh to my firewall and connect directly to the remote
> machine everything is working fine. at the moment i installed some port
> forwarders on my firewall to connect directly to a remote machine. if i
> use them or some other local proxy it works fine. only masqueraded
> connections are stalling

> is there anyone out there who had the same experience or knows any
> workarounds or has any ideas how i can find out what exactly freezes
> the connection.
> 
> one strange thing that came along with this that i'm not able to ping my
> p-t-p partner, but it's pingable from outside.
> i even used a windows machine to do the dialup connection and nat via
> ics. same strange behaviour.
> 
> thanks for your help
> 
> peter
> 
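
Added example, not part of the original message or thread: a way to measure the usable path MTU when the far side silently drops oversized packets instead of answering with ICMP, as described in the reply above. It assumes Linux iputils ping (`-M do` sets the don't-fragment bit); the host address is a placeholder and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example (assumptions: Linux iputils ping; PMTU_HOST is a placeholder
# from the TEST-NET-1 documentation range, replace it with a host you own).
PMTU_HOST=${PMTU_HOST:-192.0.2.1}

# probe SIZE: succeed if an IPv4 packet of SIZE bytes total, sent with the
# don't-fragment bit, gets an echo reply. ping -s takes the ICMP payload
# length, so subtract 20 bytes of IPv4 header and 8 bytes of ICMP header.
# On a black-hole path an oversized probe just times out; on a well-behaved
# path ping reports "frag needed". Both count as failure here.
probe() {
    ping -c 1 -W 2 -M do -s $(( $1 - 28 )) "$PMTU_HOST" >/dev/null 2>&1
}

# find_pmtu LOW HIGH: binary search for the largest packet size in
# [LOW, HIGH] that still passes. Prints the size; prints 0 and returns 1
# if even LOW fails (host down, or echo requests filtered).
find_pmtu() {
    lo=$1
    hi=$2
    probe "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))   # round up so the loop always shrinks
        if probe "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# mss_for MTU: largest TCP segment that fits in MTU without fragmentation
# (20 bytes IPv4 header + 20 bytes TCP header, no options). This is the
# number a router-side MSS clamp (e.g. the iptables TCPMSS target) needs.
mss_for() {
    echo $(( $1 - 40 ))
}

# Typical use on the masquerading box or a client behind it:
#   mtu=$(find_pmtu 576 1500) && echo "path MTU $mtu, TCP MSS $(mss_for "$mtu")"
```

On a PPPoE line like the one discussed here the search should settle on 1492; a lower result points to further encapsulation somewhere on the path.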

