On Tue, Oct 23, 2001 at 12:09:36PM +0200, Emmanuel Lacour wrote: > Hi, > > It's maybe a little bit off topic, but I think someone in this list can > help me: > > I've got a firewall debian potato, kernel 2.2.17pre6, doing masquerading > and other rules over an adsl pppoe line. All worked perfectly but since > two weeks ( without doing any changes ) I'm unable to go to certain > sites. Tcpdump show me that the connection close in the middle. > Something like this: > > > 11:36:16.439327 a.b.c.26.https > d.e.f.36.62968: P > 1269:1340(71) ack 214 win 17307 (DF) > 11:36:16.495429 d.e.f.36.62969 > a.b.c.21.www: S > 10634093:10634093(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) > 11:36:16.571944 d.e.f.36.62968 > a.b.c.26.https: . ack 1340 > win 7421 (DF) > 11:36:16.591005 a.b.c.21.www > d.e.f.36.62969: S > 3660606280:3660606280(0) ack 10634094 win 17520 <mss > 1460,nop,nop,sackOK> (DF) > 11:36:16.591218 d.e.f.36.62969 > a.b.c.21.www: . ack 1 win > 8760 (DF) > 11:36:16.591569 d.e.f.36.62969 > a.b.c.21.www: P 1:267(266) ---------------------------------Snip-------------------------- Ok , to close this message (out of list topics), I just explain how I solved my problem. A few days ago I was playing with ipsec and adsl pppoe. This was a mtu problem so I played with clampmss fragicmp overridemtu in rp-pppoe and ipsec.conf. And I leaved pppoe.conf with a clampmss=no. I set it to 1412 and now all works perfectly. The end. -- Easter-eggs Spécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76 mailto:elacour@easter-eggs.com - http://www.easter-eggs.com
Attachment:
pgpmPFT7QdG8q.pgp
Description: PGP signature