In case I'm not the only one who has run into this problem, here's what happened and what fixed things.
On my potato firewall box, I ran a custom 2.2.15 kernel with the stock PPPoE package (Roaring Penguin v 1.0-1) from the Debian archive with good results. The only problem was that for unclear reasons, some web sites wouldn't come across the connection. Then I tried to upgrade to a 2.2.17 kernel (still potato--which means the 2.2.17-pre-6 source). At that, my PPPoE connection to PacBell DSL tanked. The connection would start and then it would die after a handful of packets. I thought that the old version of PPPoE might be the problem, since the current Roaring Penguin version is 2.3. So I debianized and installed the RP tarball. The new version of PPPoE still worked with the 2.2.15 kernel but not with the 2.2.17 kernel. Finally I decided to upgrade the whole box to woody, and recompiled the 2.2.17 kernel with the 2.2.17-1 source that is in the woody distribution. This kernel works beautifully with the RP PPPoE. Two things seem relevant: something got fixed/improved in the kernel source from 2.2.17-pre-6 and 2.2.17-1; and the latest version of RP's PPPoE has an option to lower the maximum TCP segment size, which somehow corrects the problem with getting to certain web sites (like www.hp.com). Bottom line: if you're having trouble with a firewall box running the 2.2.17 kernel, upgrade to woody and install the latest PPPoE from RP (ie don't use the PPPoE in the woody distribution, which is still back at 1.7). Hope this helps anyone else avoid wasting the time I spent trying to work this out! Stan
