Odd firewall problem.

Daniel Roethlisberger daniel@roe.ch
Tue, 25 Sep 2001 01:14:25 +0200


Cameron <hiryu@21andover.com> wrote:
> I can view webpages on some servers, but not others from systems
> behind the firewall, but I CAN view these webpages from these
> servers from the firewall itself (using lynx).
[...]
> I'm using Pacific Bell ADSL via PPPoE, and have been the whole
> time, even before this problem came about.
[...]
> http://people.unix-fu.org/andreasson/index.html
> idsoftware.com

Broken path MTU discovery. Usually caused by braindead sysadmins
who block all ICMP, not letting through vital types of ICMP
messages. Those two sites seem to block all ICMP.

Solutions: first, get the sysadmin(s) in question to let through
ICMP Destination Unreachable; second, set your clients' MTU to
1452; and third, clamp the TCP MSS down to 1412. rp-pppoe does this
for you, you just need to enable it in /etc/ppp/pppoe.conf; or
else you can use netfilter to clamp it down.

See http://www.worldgate.ca/~marcs/mtu/ for some more information
on the problem.

Cheers,
Dan


-- 
   Daniel Roethlisberger <daniel@roe.ch>
   PGP Key ID 0x8DE543ED with fingerprint
   6C10 83D7 2BB8 D908 10AE  7FA3 0779 0355 8DE5 43ED
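What the third workaround in the reply above actually does on the wire, as an added example that is not part of the original mail or of rp-pppoe/netfilter: a SYN segment passing the router gets its MSS option rewritten downward and its TCP checksum recomputed, so the far end never sends full-size segments that would need fragmentation on the PPPoE link (and therefore never needs the ICMP Fragmentation Needed message that the blackholing sites drop). The addresses, ports and packet bytes below are constructed for the example; the MSS arithmetic (MSS = MTU minus 20-byte IPv4 header minus 20-byte TCP header, so 1452 gives 1412) follows the numbers in the reply.

```python
"""Illustrative TCP MSS clamping, in the spirit of netfilter's TCPMSS target
and rp-pppoe's CLAMPMSS option.  Example code, not from the original post.
Addresses and packets are constructed for the demonstration."""
import struct

SRC = bytes([192, 168, 1, 10])   # constructed: a host behind the firewall
DST = bytes([198, 51, 100, 7])   # constructed: a web server that blocks ICMP


def mss_for_mtu(mtu: int) -> int:
    """MSS = link MTU minus a 20-byte IPv4 header and a 20-byte TCP header."""
    return mtu - 40


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an arbitrary byte string."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src: bytes, dst: bytes, tcp: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus the segment.
    Returns 0 when run over a segment whose checksum field is already correct."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    return ones_complement_sum(pseudo + tcp)


def build_syn(src: bytes, dst: bytes, mss: int, flags: int = 0x02) -> bytes:
    """Constructed segment: 20-byte TCP header plus a single MSS option (kind 2, len 4)."""
    opts = struct.pack("!BBH", 2, 4, mss)
    data_offset = (20 + len(opts)) // 4          # header length in 32-bit words
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      data_offset << 4, flags, 8192, 0, 0)
    seg = bytearray(hdr + opts)
    seg[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(seg)))
    return bytes(seg)


def tcp_options(opts: bytes):
    """Yield (offset, kind, length) for each option; stop at EOL or malformed data."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            return
        if kind == 1:                      # NOP has no length byte
            yield i, 1, 1
            i += 1
            continue
        if i + 1 >= len(opts):
            return
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return                         # truncated or bogus option: stop parsing
        yield i, kind, length
        i += length


def read_mss(tcp: bytes):
    """Return the MSS option value, or None if the segment carries none."""
    data_offset = (tcp[12] >> 4) * 4
    opts = tcp[20:data_offset]
    for i, kind, length in tcp_options(opts):
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
    return None


def clamp_mss(src: bytes, dst: bytes, tcp: bytes, max_mss: int) -> bytes:
    """Rewrite an MSS option larger than max_mss and fix up the TCP checksum.
    Only SYN segments carry MSS, so everything else passes through untouched."""
    if not tcp[13] & 0x02:
        return tcp
    data_offset = (tcp[12] >> 4) * 4
    opts = bytearray(tcp[20:data_offset])
    changed = False
    for i, kind, length in list(tcp_options(bytes(opts))):
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
            if mss > max_mss:
                opts[i + 2:i + 4] = struct.pack("!H", max_mss)
                changed = True
    if not changed:
        return tcp
    seg = bytearray(tcp[:20]) + opts + bytearray(tcp[data_offset:])
    seg[16:18] = b"\x00\x00"               # zero before recomputing
    seg[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(seg)))
    return bytes(seg)


if __name__ == "__main__":
    syn = build_syn(SRC, DST, 1460)        # typical Ethernet-sized MSS from a LAN host
    out = clamp_mss(SRC, DST, syn, mss_for_mtu(1452))
    print("MSS before: %d  after: %d  checksum ok: %s"
          % (read_mss(syn), read_mss(out), tcp_checksum(SRC, DST, out) == 0))
```

The same rewrite is what `iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1412` (or `--clamp-mss-to-pmtu`, which derives the value from the outgoing interface MTU) does in the kernel, and what rp-pppoe's CLAMPMSS setting in pppoe.conf does in userspace. Note that clamping only affects the SYN in each direction, so it helps only TCP; UDP and other protocols still depend on working path MTU discovery.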