Looks like I just had to remove the match line and just use "set reassemble yes no-df" and restart my interfaces on clients. Everything appears to work now.
Still amazes me this wasn't a problem for months. On Tue, Oct 1, 2013 at 4:34 AM, John Tate <j...@johntate.org> wrote: > I've done this, now Google works, but Facebook is still not working > and probably some other sites. > > On Tue, Oct 1, 2013 at 3:34 AM, Luis Coronado <lcoron...@ticoit.com> wrote: >> if you keep set reassemble yes no-df you can (must?) remove the match in on >> pppoe0 scrut (max-mss 1440 no-df reassemble tcp) >> >> -luis >> >> >> >> On Mon, Sep 30, 2013 at 11:30 AM, John Tate <j...@johntate.org> wrote: >>> >>> It worked for a while but since rebooting my router now none of my >>> computers work to access google.com, gmail.com works. Many other sites >>> are not working, it is very frustrating. >>> >>> Clients on the wireless also don't work, it is the same problem. I can >>> ping all the sites I can't access the problem appears to be with HTTP. >>> >>> Since starting the thread I have changed my pf.conf on advice of other >>> users to have these lines... >>> set reassemble yes no-df >>> match in on pppoe0 scrub (max-mss 1440 no-df reassemble tcp) >>> >>> Any more ideas? >>> >>> On Tue, Oct 1, 2013 at 2:51 AM, John Tate <j...@johntate.org> wrote: >>> > Things are working fine from another one of my computers, it must be >>> > something to do with the computer I'm using. Sorry about that >>> > everyone. >>> > >>> > On Tue, Oct 1, 2013 at 2:48 AM, John Tate <j...@johntate.org> wrote: >>> >> Yeah I am using my lan not the wlan. I've not got to even seeing if >>> >> the wlan even works yet, though it used to with that configuration. >>> >> The worst thing is the hosts occasionally manage to work for a split >>> >> second, and stop again. I'm certain there is nothing wrong with my ISP >>> >> unless they have trouble with this particular setup. It worked for >>> >> months with no problems, and then they started happening. >>> >> >>> >> On Tue, Oct 1, 2013 at 2:44 AM, Luis Coronado <lcoron...@ticoit.com> >>> >> wrote: >>> >>> Im afraid I only read the last post of the email thread about >>> >>> match/scrub/mtu. That is why I suggested the set option in my previous >>> >>> email. >>> >>> >>> >>> The fact that your router can contact the destination hosts without >>> >>> issues >>> >>> but not the internal hosts forces me to believe that there isnt, at >>> >>> least at >>> >>> this stage a mtu related problem. >>> >>> >>> >>> I see that you serve your LAN over athn0. You can find out if there >>> >>> are >>> >>> issues with your wireless setup by running ifconfig athn0 debug and >>> >>> watching >>> >>> /var/log/messages. athn0 power savings fix was submitted almost a year >>> >>> ago >>> >>> but how knows you could be the happy owner of a particular card that >>> >>> doesnt >>> >>> work as expected. >>> >>> >>> >>> Have you tried running your lan from the ethernet card instead? >>> >>> >>> >>> -luis >>> >>> >>> >>> >>> >>> >>> >>> On Mon, Sep 30, 2013 at 10:32 AM, John Tate <j...@johntate.org> wrote: >>> >>>> >>> >>>> On Tue, Oct 1, 2013 at 2:29 AM, Luis Coronado <lcoron...@ticoit.com> >>> >>>> wrote: >>> >>>> > set reassemble yes no-df >>> >>>> > >>> >>>> > I tried using match and scrub rules without luck, but the >>> >>>> > 'reassemble >>> >>>> > yes >>> >>>> > no-df' solved my problems with the GRE tunnels we use among >>> >>>> > networks. >>> >>>> > >>> >>>> > Just make sure you dont have set skip on pppoe0 >>> >>>> > >>> >>>> > -luis >>> >>>> Just trying this, something got through for a second but once again >>> >>>> queries to google and other sites don't work. It is still unreliable. >>> >>>> > >>> >>>> > >>> >>>> > >>> >>>> > On Mon, Sep 30, 2013 at 10:26 AM, John Tate <j...@johntate.org> >>> >>>> > wrote: >>> >>>> >> >>> >>>> >> Well max-mss doesn't seem to help I can still only access gmail >>> >>>> >> and >>> >>>> >> not google.com.au. Also it has become suddenly selective after >>> >>>> >> months >>> >>>> >> with no problem so I wonder if this is the default these days. >>> >>>> >> Still >>> >>>> >> problems. >>> >>>> >> >>> >>>> >> On Tue, Oct 1, 2013 at 2:02 AM, James Shupe <jsh...@hermetek.com> >>> >>>> >> wrote: >>> >>>> >> > On 2013-09-30 10:58, John Tate wrote: >>> >>>> >> >> >>> >>>> >> >> It would help if you told me how to do this... >>> >>>> >> >> >>> >>>> >> >> # ifconfig pppoe max-mms 1400 >>> >>>> >> >> ifconfig: max-mms: bad value >>> >>>> >> >> # ifconfig pppoe0 max-mms 1440 >>> >>>> >> >> ifconfig: max-mms: bad value >>> >>>> >> >> >>> >>>> >> > >>> >>>> >> > match on $ext scrub (max-mss 1400) >>> >>>> >> > >>> >>>> >> > in /etc/pf.conf >>> >>>> >> > >>> >>>> >> > Also, don't top post. >>> >>>> >> > >>> >>>> >> > -- >>> >>>> >> > James Shupe >>> >>>> >> > >>> >>>> >> > >>> >>>> >> >>> >>>> >> >>> >>>> >> >>> >>>> >> -- >>> >>>> >> www.johntate.org >>> >>>> >> >>> >>>> > >>> >>>> >>> >>>> >>> >>>> >>> >>>> -- >>> >>>> www.johntate.org >>> >>> >>> >>> >>> >> >>> >> >>> >> >>> >> -- >>> >> www.johntate.org >>> > >>> > >>> > >>> > -- >>> > www.johntate.org >>> >>> >>> >>> -- >>> www.johntate.org >>> >> > > > > -- > www.johntate.org -- www.johntate.org
