Re: [m0n0wall] accessing netbsd.org from behind m0n0wall

From:	Manuel Kasper <mk at neon1 dot net>
To:	Frederick Page <fpage at thebetteros dot oche dot de>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] accessing netbsd.org from behind m0n0wall
Date:	Wed, 08 Sep 2004 11:35:28 +0200

On 08.09.2004 01:54 +0200, Frederick Page wrote:

> Same here: also have a Soekris net4801, m0n0wall 1.1,
> DSL-connection. Browser (tried IE and Firebird on XP, Firebird on
> OpenBSD and lynx on Linux) just hangs and keeps waiting forever.

I can reproduce this with my m0n0wall at home (FreeBSD
client/PPPoE/ADSL) too. The problem doesn't seem to be that MSS
clamping is not working, but rather that NetBSD sends packets larger
than [MSS + 40 bytes], which are then fragmented and the fragments
blocked by ipfilter for some reason.

Turning off timestamps in the FreeBSD client (sysctl
net.inet.tcp.rfc1323=0) makes it work.

This is probably related:
<http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=20461>

- Manuel