[Dnsmasq-discuss] dnsmasq + nat(solved)
Nicholas Weaver
nweaver at gmail.com
Mon Jan 10 19:06:51 GMT 2011
On Mon, Jan 10, 2011 at 10:53 AM, Jan Seiffert
<kaffeemonster at googlemail.com> wrote:
> This target is used to overcome criminally braindead ISPs or
> servers which block "ICMP Fragmentation Needed" or "ICMPv6
> Packet Too Big" packets. The symptoms of this problem are
> that everything works fine from your Linux firewall/router, but
> machines behind it can never exchange large packets:
> 1) Web browsers connect, then hang with no data received.
> 2) Small mail works fine, but large emails hang.
> 3) ssh works fine, but scp hangs after initial handshaking.
This is, unfortunately, an INCREDIBLY common problem we see in
Netalyzr: We see roughly half (a bit less, but close) of cases where
an ICMP too big should be sent there is NO ICMP too big actually sent.
V6 seems to be a bit better.
We SUSPECT (but don't know or test for sure) that a lot of the crappy
PPPoE modems/gateways are rewriting the TCP MSS field to lower it
automatically.
More information about the Dnsmasq-discuss
mailing list