Y'know, I had this *exact* same problem with my Linux firewall using PPPoE. It turned out to be that I hadn't loaded the mssclampfw.o module. From what I understand this module sets your MTU to 1490 so that your packets can fit inside a PPPoE packet. PPPoE encapsulates your packets with at least an extra 10 bytes.
You can try lowering the MTU on your client machines behind the NetGear unit and that may fix the problem. Has NetGear technical support been contacted?

Mike.

> ----- Original Message -----
> From: "Lauren Horn" <[EMAIL PROTECTED]>
> To: "Firewalls List" <[EMAIL PROTECTED]>
> Sent: Wednesday, December 12, 2001 7:24 PM
> Subject: NetGear FR314/PPPoE possible routing problem
>
>
> > A client of mine must get his broadband connection via DSL from a
> > particular ISP (Whose staff, I'll say at the start, have been
> > unfailingly pleasant to deal with but who admit to having no idea
> > what's wrong.)
> >
> > The client wants a stateful packet inspection (hereinafter STPI)
> > firewall rather than a simple NAT box, and we have tried two: the
> > SOHOware NBG800 and the NetGear FR314. The SOHOware unit was knocked
> > out due (the ISP says) to an incompatible and non-adjustable MTU. The
> > NetGear unit almost works, and that's where it gets interesting.
> >
> > The problem in a nutshell:
> >
> > With the firewall in place, some web sites won't load, or rather load
> > so slowly that something times out before they complete. With the DSL
> > modem connected directly to the client's PC, the sites load fine.
> >
> > It seems that either the NetGear box has a subtle routing problem that
> > occurs only when it is hooked to a PPPoE ISP, or the ISP has a subtle
> > problem, perhaps with STPI firewalls, that they can't figure out.
> >
> > The details:
> >
> > FWIW I have tried Both IE5x and Netscape 4.7x browsers. A few sites
> > are marginal, and work intermittently with the firewall in place.
> > (DSLreports, for example.)
> >
> > A perfect example of the problem is found in the ISP/phone company's
> > own web pages. www.acsalaska.com comes up fine, but (with the
> > firewall in place) www.acsalaska.net does not.
> >
> > FWIW, I can ping sites that allow it to my heart's content, regardless
> > of whether the firewall is in place or not. The reply times were in
> > line with what I expect up here.
> >
> > This problem has been reproduced during three site visits on different
> > days. The ISP's and NetGear's techs thought there was something wrong
> > with the firewall itself. So I used the unit in my own network, which
> > uses a cable modem (non-PPPoE) for Internet access, and had no problem
> > with it.
> >
> > The only router/firewall supported by this ISP is a Nexland NAT-only
> > unit. One ISP tech said SonicWALL's firewalls will not work with
> > their service, but couldn't say why. That last piece of information
> > is my only lead, as I hear rumor that the FR314's firmware is licensed
> > from SonicWALL.
> >
> > I know of other STPI firewalls in the under-$200 range, but I want to
> > have some idea of what's wrong before the client buys another one.
> >
> > Well, I've tried to keep all this short, and I apologize for failing.
> > Does this problem ring any bells?
> >
> > -Lauren
> >
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > http://lists.gnac.net/mailman/listinfo/firewalls
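
Added example, not part of either message and not code from any kernel module: a sketch of MSS clamping, the technique the module named in the reply appears to refer to (an assumption based on its name), in which a gateway lowers the MSS option in passing TCP SYNs and patches the checksum so full-size replies fit the PPPoE link. The function names, ports and documentation-range addresses are constructed; the 1490-byte MTU is the figure given in the reply.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum of 16-bit big-endian words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_csum(src: str, dst: str, tcp: bytes) -> int:
    """Checksum over IPv4 pseudo-header + segment; 0 means the segment verifies."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    return csum(pseudo + tcp)

def sample_syn(opts=b"\x02\x04\x05\xb4\x04\x02\x01\x01", src="192.0.2.10", dst="198.51.100.7"):
    """Constructed SYN, ports 40000->80; default options: MSS 1460, SACK-permitted, 2 NOPs."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (20 + len(opts)) // 4 << 4, 0x02, 64240, 0, 0)
    seg = bytearray(hdr + opts)
    struct.pack_into("!H", seg, 16, tcp_csum(src, dst, bytes(seg)))
    return bytes(seg)

def clamp_mss(tcp: bytes, link_mtu: int) -> bytes:
    """Lower the MSS option of a SYN so the peer's full-size segments fit link_mtu."""
    limit = link_mtu - 40                    # minus 20-byte IPv4 and 20-byte TCP headers
    hlen = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= hlen <= len(tcp) or not tcp[13] & 0x02:
        return tcp                           # only SYN / SYN-ACK carry an MSS option
    i = 20
    while i + 1 < hlen and tcp[i] != 0:      # kind 0 ends the option list
        kind, length = tcp[i], (1 if tcp[i] == 1 else tcp[i + 1])  # NOP is one byte
        if kind != 1 and length < 2 or i + length > hlen:
            return tcp                       # malformed options: leave untouched
        if kind == 2 and length == 4:
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:
                return tcp                   # already small enough
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            # RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), taken over the
            # 16-bit-aligned words that changed (the option may sit at an odd offset).
            a, b = (i + 2) & ~1, (i + 5) & ~1
            inv = bytes(x ^ 0xFF for x in tcp[16:18] + tcp[a:b])
            struct.pack_into("!H", out, 16, csum(inv + out[a:b]))
            return bytes(out)
        i += length
    return tcp
```

Only the SYN is touched, so the checksum can be patched without the IP addresses; a sender that ignores ICMP "fragmentation needed" replies then never emits a segment too large for the tunnel.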
