Re: Suspect fragmented packets.

2012-08-06 Thread David Walker
Remi Locherer remi.locherer () relo ! ch The MSS field from your SYN packages tells the other side what max package size you accept. I found this white paper helpful to understand MTU, PMTUD and MSS: You are apparently correct. This doesn't help: match in all scrub (no-df) This does help:

Re: Suspect fragmented packets.

2012-08-06 Thread David Walker
Daniel Melameth daniel () melameth ! com What have you tried? MSS probably incorrectly. I had a 4.9 install I think with a lot of rules but I've started from scratch with 5.1 over the weekend and I think I've got it now. TCP negotiates MSS so a TCP session will never have an MSS higher than

Re: Suspect fragmented packets.

2012-08-06 Thread Stuart Henderson
On 2012-08-06, David Walker davidianwal...@gmail.com wrote: Interestingly this is the exact setup that ran with the previous ISP so presumably they handled all that within their network and passed on packets somewhat smaller than 1500 to me. I never had to reassemble packets or scrub them or

Suspect fragmented packets.

2012-08-05 Thread David Walker
Hi. I've had a bridged modem and OpenBSD gateway setup for years on a particular Australian ISP. I've never re-assembled packets and worried over MTU or fragments. Everything just worked ... Recently one of the companies I work for changed ISP. I swapped the relevant details on the gateway,

Re: Suspect fragmented packets.

2012-08-05 Thread Daniel Melameth
On Sun, Aug 5, 2012 at 7:50 AM, David Walker davidianwal...@gmail.com wrote: I've had a bridged modem and OpenBSD gateway setup for years on a particular Australian ISP. I've never re-assembled packets and worried over MTU or fragments. Everything just worked ... Recently one of the companies

Re: Suspect fragmented packets.

2012-08-05 Thread David Walker
Daniel Melameth daniel () melameth ! com wrote: When using pppoe(4), MSS can be a problem. I recommend you read the MTU/MSS ISSUES section of the man page and see if that resolves your issue. I have read and tried. As far as I can see there's an issue with incoming packets. AFAIUI, MSS will

Re: Suspect fragmented packets.

2012-08-05 Thread Remi Locherer
On Mon, Aug 06, 2012 at 12:54:48AM +0930, David Walker wrote: Daniel Melameth daniel () melameth ! com wrote: When using pppoe(4), MSS can be a problem. I recommend you read the MTU/MSS ISSUES section of the man page and see if that resolves your issue. I have read and tried. As far as

Re: Suspect fragmented packets.

2012-08-05 Thread Daniel Melameth
On Sun, Aug 5, 2012 at 9:24 AM, David Walker davidianwal...@gmail.com wrote: Daniel Melameth daniel () melameth ! com wrote: When using pppoe(4), MSS can be a problem. I recommend you read the MTU/MSS ISSUES section of the man page and see if that resolves your issue. I have read and tried.