You got to fix those linebreaks; they were so bad I *had* to reformat
things... And the odd uppercase letter wouldn't hurt either...

Disclaimer: I'm not familiar with ADSL; I'm on dialup.

On Tue, Jun 11, 2002 at 10:07:59PM +0200, Peter Lieven wrote:
> since friday my isp german telekom changed some configuration in their
> routers.
>
> everytime when i connect to remote host through my firewall who is
> masquerading internal connections the connection to the remote host
> freezes after a certain number of bytes has been transferred.

I presume that "ping" works OK? (you probably checked, but it's not
clear from what you write)

> i changed nothing on my firewall config. i asked the isp to reset my
> dsl port and check their equipment. i also changed the masquerading
> port range in case they want to prevent their customers from
> masquerading (don't ask why).
>
> when i ssh to my firewall and connect directly to the remote machine
> everything is working fine. at the moment i installed some port
> forwarders on my firewall to connect directly to a remote machine. if
> i use them or some other local proxy it works fine. only masqueraded
> connections are stalling
>
> is there anyone out there who had the same experience or knows any
> workarounds or has any ideas how i can find out what exactly freezes
> the connection.

I've been suffering the same sort of problems. Symptoms were:

- Downloading of mail would work. Until a "big" email was being
  fetched, where it would appear as if the pop3 server just died
  (=timeout at my end)
- Web pages would download fine, but very large images would only ever
  partially download
- Setiathome would never manage to get a full work unit.

From the firewall itself, everything would work; but anything behind
the firewall would suffer the above symptoms.

My workaround was to lower the MTU on my dialup interface - an mtu of
750 and using the --clamp-mss-to-pmtu (man iptables(8)) in the firewall
setup did the trick for me.

I still doubt whether this is a *real* solution; it feels more like a
work-around. Also, it introduces a bit more TCP/IP overhead (relatively
speaking) and decreases the net bandwidth available. But it works for
me. YMMV

> one strange thing that came along with this that i'm not able to ping
> my p-t-p partner, but its pingable from outside. i even used a
> windows machine to do the dialup connection and nat via ics. same
> strange behaviour.

Sounds odd. But then I don't know ADSL, so I can't comment.

HTH
-- 
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
 /"\
 \ /  ASCII Ribbon Campaign
  x   - Say NO to HTML in email
 / \  - Say NO to Word documents in email (and Macros!)
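What the --clamp-mss-to-pmtu workaround changes, as an added sketch that is not part of the original message: a constructed Python model, assuming the stalls come from full-size packets exceeding the WAN link MTU while the ICMP "fragmentation needed" reply never reaches the sender. The 1500/1492 MTU values and all function names are assumptions for illustration; the thread does not confirm this cause.

```python
# Constructed model, not a packet capture. MTU values are assumptions:
# 1500 for the LAN and the remote server, 1492 for the WAN (PPP) link.
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options


def mss_for_mtu(mtu):
    """Largest TCP payload that fits in one unfragmented packet."""
    return mtu - IP_TCP_HEADERS


def negotiated_mss(client_mtu, server_mtu, wan_mtu, clamp):
    """MSS in effect after SYN and SYN-ACK have crossed the firewall."""
    offers = [mss_for_mtu(client_mtu), mss_for_mtu(server_mtu)]
    if clamp:
        # The clamp rewrites the MSS option in forwarded SYN packets so it
        # never exceeds what the outgoing interface can carry.
        offers = [min(o, mss_for_mtu(wan_mtu)) for o in offers]
    return min(offers)


def transfer(nbytes, mss, wan_mtu, icmp_delivered=False):
    """Return how many bytes arrive before the connection stalls."""
    sent = 0
    while sent < nbytes:
        segment = min(mss, nbytes - sent)
        if segment + IP_TCP_HEADERS > wan_mtu:
            # Packet has DF set, so the router drops it and answers with
            # ICMP "fragmentation needed".
            if not icmp_delivered:
                return sent  # sender keeps retransmitting the same size
            mss = mss_for_mtu(wan_mtu)  # path MTU discovery works
            continue
        sent += segment
    return sent


if __name__ == "__main__":
    LAN, SERVER, WAN = 1500, 1500, 1492
    cases = {
        "from the firewall itself": negotiated_mss(WAN, SERVER, WAN, False),
        "masqueraded, no clamp": negotiated_mss(LAN, SERVER, WAN, False),
        "masqueraded, clamped": negotiated_mss(LAN, SERVER, WAN, True),
    }
    for name, mss in cases.items():
        print(f"{name}: MSS {mss}, 100000-byte fetch delivers "
              f"{transfer(100_000, mss, WAN)} bytes")
```

In this model the firewall's own connections work because its SYN already advertises an MSS derived from the WAN interface, which matches the symptom both posters describe.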