On Sun, Aug 5, 2012 at 7:50 AM, David Walker <davidianwal...@gmail.com> wrote:
> I've had a bridged modem and OpenBSD gateway setup for years on a
> particular Australian ISP. I've never re-assembled packets and worried
> over MTU or fragments.
> Everything just worked ...
> Recently one of the companies I work for changed ISP. I swapped the
> relevant details on the gateway, hostname.pppoe0 and whatnot, and it
> seems that a significant portion of the web is inaccessible, most
> websites are accessible but many are not.
> DNS resolution seems fine for all domains and of the sites that won't
> work some of them will display a title in a browser on an internal
> client and that's it. Some of them will send all the html but
> ultimately not display. Most simply "time out" ...
> I've tried re-assembling packets but it doesn't help. I suspect I'm
> being sent fragmented packets with don't fragment set.
> Does this sound right?
>
> If this is right, could I achieve anything by explicitly allowing ICMP
> (datagram too large messages) expecting that the upstream hosts will
> set path MTU accordingly or is this a wasted effort.
> Either way, should I start re-assembling packets and scrubbing
> incoming and ignoring the don't fragment bit with no-df ...
>
> match in all scrub (no-df)

When using pppoe(4), MSS can be a problem. I recommend you read the MTU/MSS ISSUES section of the man page and see if that resolves your issue.