Re: MPD and fragmentation

Wed, 25 Jul 2007 23:09:59 -0700 

Mihai Tanasescu wrote:

Hello,
With help from another FreeBSD user on this list I was able to set up an MPD pptp server to allow windows machines to connect to it. 

Unfortunately now I've stumbled upon some strange behaviors.
First of all I'm getting icmp losses even if I use a test LAN to make a tunnel to the local FBSD machine, but these don't seem to affect my transfer rate when trying to get a large file via HTTP from the same machine.
What bothers me most is that some sites (like msn.com, microsoft.com, etc) don't seem to be loading. What I first thought about was the mss problem and so I discovered the following:
22:54:36.633254 IP (tos 0x0, ttl 64, id 14254, offset 0, flags [DF], proto: ICMP (1), length: 56) FBSD-IP > 207.68.183.32: ICMP FBSD-IP unreachable - need to frag (mtu 1336), length 36 

In my config file I have:
set iface mtu 1500
set link mtu 1440
set iface enable tcpmssfix

My full config is posted here:
http://pastebin.com/m66a3c05f
My system:
FreeBSD 6.1-RELEASE-p17
MPD 4.1

I played a bit with the above mentioned values with no luck unfortunately.
I'm still wondering (don't know if I'm right) if a too large packet comes from 207.68.183.32 why doesn't it get fragmented upon being sent via ng0 -> pptp1 and instead of this happening my machine sends an ICMP unreachable back. Also I have pf running on that machine with a NAT rule for traffic not destined to the local network (but after several experiments with that nothing changed in regard to the problem I have).
I'm banging my head against the wall as I don't know what else to try anymore. 

Can someone help me out ?



If you use PF, try to add rule

scrub in all fragment rassemble no-df

And VERY carefully check your ruleset. May be you block icmp in some place
and PMTU doesn't work.

As as last resort you can add
 max-mss <some-size> to scrub rule. <some-size> may be some value in
range of 1300-1460.

Sometimes it helps.

--
           Sincerely yours,
                            Artyom Viklenko.
-------------------------------------------------------
[EMAIL PROTECTED] | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve   -  http://www.freebsd.org
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to