Ack. The problem was mismatched MTU/MRU settings between the masqed and masqing boxes. Ugly, nasty, stupid stuff. It's in the IP Masq FAQ I've been using; seems to be some hosts don't like responding to fragmented packets. The writers of the FAQ imply the blame lies with these sites:

"...because they are filtering ALL FORMS of ICMP (including Type4 - Fragmentation Needed) messages in a fray of security paranoia, they are breaking the fundamental aspects of the TCP/IP protocol."

Oh well. Things work now. Yay. And I got to have a whole thread talking to myself. Woo. :)

Mike McGuire