TCP packets don't flow from external hosts to WinVista clients behind nat

2007-08-25 Thread Miz0

Hello...
I've got a strange problem...
FreeBSD 6.2 amd64 as nat-router:
rl0 85.249.249.249 -> ISP
fxp0 10.0.0.1 -> My Internal Net
natd/ng_nat
ipfw: allow all from any to any

WinXP client machines work fine behind NAT, but WinVista and FreeBSD
(5.5/6.2) clients don't.
It's very strange, but it's impossible to establish any TCP Internet
connection from a non-WinXP host. ICMP and UDP packets flow normally.
For example, I can ping host ya.ru, get DNS replies from Internet servers,
play games via UDP, but I can't view web pages, open an ssh session or
even "telnet" to any port.
Traffic from/to my net is not filtered by firewalls at all. I've tested
it with natd and ng_nat - there's no difference! I've tried to solve
this problem during the last week =( Unfortunately, I can't. Now I'm going
to try using pf or ipfilter instead of ipfw, or even reinstall the server OS
and maybe change the FreeBSD architecture to i386.


Any ideas ?
P.S. Sorry for my bad English.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: TCP packets don't flow from external hosts to WinVista clients behind

2007-08-26 Thread MIZ0

> Could be TCP window scaling. See
> http://en.wikipedia.org/wiki/TCP_window_scale_option
> Or the plain old PMTUD problem described in
> http://www.cisco.com/en/US/tech/tk870/tk877/tk880/technologies_tech_note09186a008011a218.shtml#backinfo
>
> =Adriaan=

Nothing helps.
I've tried to change the client's MTU, even shrank packets with ng_tcpmss
- no effect.
I don't understand why FreeBSD machines from the internal network can't
establish any TCP connection to the external net either.

Can ipfw or netgraph detect the client's OS type and allow only Windows XP? =))