Peter Jeremy wrote:
> On Sun, 2004-Nov-28 18:43:47 +0200, Claudiu Dragalia-Paraipan wrote:
>
>>Since the problem occurs only when I connect to the firewall or to a
>>server behind it, I started to suspect a hardware failure. Could a
>>network card cause such problems?
>
>
> A couple of people have mentioned path-MTU problems. I've also bumped
> into this problem when playing with VLANs where one end of the VLAN
> trunk doesn't support long frames - an oversize packet will get ignored
> by the receiver without any error being returned.
>

It seems that packets of size more than 1478 are dropped somewhere, but not on the FreeBSD firewall. The problem seems to be that it never receives an ICMP "fragmentation needed but DF set".

Unfortunately I have control only over the firewall and what's behind it. Next after the firewall (towards the internet) there are a switch and a Cisco router. I asked about the settings of these two, and it seems that the switch is used for VLANs, and the Cisco for making a tunnel over fiber channel with the next hop. I have too little information about this at the moment, but I am almost certain that the problems are occurring because of the Cisco router.

I did a traceroute from the firewall to outside, and big packets always stop on the Cisco router. A traceroute from outside to the firewall always stops at the hop exactly before the Cisco router I am talking about, which I suppose is the other end of this tunnel.

--
Claudiu Dragalina-Paraipan
dr.clau_at_gmail.com
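An added example, not part of the original message: a bisection over Don't-Fragment probes that finds the largest size a path passes and tells a silent drop (the black hole described above) from a path where a router does return "fragmentation needed but DF set". The `Probe` callable, `Result` names, `simulated_path` and the 576/1500 bounds are assumptions made for the example; on a real host the probe would send one packet with DF set, for instance with FreeBSD `ping -D -s <size>`.

```python
from enum import Enum
from typing import Callable, Tuple

class Result(Enum):
    OK = "reply received"
    FRAG_NEEDED = "ICMP fragmentation needed but DF set"
    TIMEOUT = "no reply and no ICMP error"

Probe = Callable[[int], Result]  # hypothetical: sends one DF packet of `size` bytes

BLACK_HOLE = "black hole: oversize packets dropped without an ICMP error"
PMTUD_OK = "PMTU discovery works: a router reports fragmentation needed"
NO_LIMIT = "no limit below the local MTU"

def largest_passing(probe: Probe, lo: int = 576, hi: int = 1500) -> Tuple[int, str]:
    """Bisect for the largest size that passes with DF set.

    lo is a size assumed to pass, hi the local interface MTU (both assumptions).
    """
    if probe(lo) is not Result.OK:
        raise ValueError("baseline size fails: not a size-dependent problem")
    first = probe(hi)
    if first is Result.OK:
        return hi, NO_LIMIT
    failures = {first}
    while hi - lo > 1:  # invariant: lo passes, hi fails
        mid = (lo + hi) // 2
        result = probe(mid)
        if result is Result.OK:
            lo = mid
        else:
            hi = mid
            failures.add(result)
    # Any silent failure means the sender is never told to lower its MTU.
    return lo, BLACK_HOLE if Result.TIMEOUT in failures else PMTUD_OK

def simulated_path(limit: int, sends_icmp: bool) -> Probe:
    """Constructed stand-in for a real path with a size limit at one hop."""
    def probe(size: int) -> Result:
        if size <= limit:
            return Result.OK
        return Result.FRAG_NEEDED if sends_icmp else Result.TIMEOUT
    return probe

if __name__ == "__main__":
    # 1478 is the size reported in the message; both paths are constructed.
    print(largest_passing(simulated_path(1478, sends_icmp=False)))
    print(largest_passing(simulated_path(1478, sends_icmp=True)))
```

A single timeout can also be ordinary packet loss, so a real probe should retry each size a few times before reporting `TIMEOUT`.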