In article <[EMAIL PROTECTED]>,
Christian Robottom Reis <[EMAIL PROTECTED]> wrote:
>
>I rather think now this isn't a masquerading problem at all. I have no
>idea, actually what it is. From an internal (masqueraded) box, I issue:
[...]
>
>* Which means an HTTP HEAD is coming back fine. However, when I try and
>issue a
>
>GET / HTTP/1.0
>Host: nfs.sourceforge.net
>
>(... time passes)
>
>* I'm left hung (left this on for minutes with nothing ever coming back),
>for no reason. Nothing ever hits my incoming interface again.
Sounds like Path MTU discovery problems. Did you enable
/proc/sys/net/ipv4/ip_always_defrag on the NAT/masq host ?
If that isnt' the problem some in-between gateway or router might be
filtering ICMP packets. I've heard that even hotmail did/does this
on their firewall, which is a bad, bad idea. See
http://www.worldgate.com/~marcs/mtu/
If that is the case, turning off path mtu discovery on the client
is the only solution (through /proc/sys/net/ipv4/ip_no_pmtu_disc)
Mike.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
