[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Firewall MTU with PPPoE/DSL

To: djm@mindrot.org (Damien Miller)
Subject: Re: Firewall MTU with PPPoE/DSL
From: Steve Williams <steve@genie96.com>
Date: Thu, 1 Feb 2001 10:15:55 -0700 (MST)
Cc: misc@openbsd.org
Read-Receipt-To: steve@genie96.com

Hi,

Do you have any machines running NAT behind your OpenBSD box that
has the PPPoE connection to the Internet?

I tried the latest PPP with the mssfixup, and it did not seem to resolve
the problems that I am having.  I put the debug level to 5 and could
see the occasional packet that was getting "fixed", but picking up 
email on PC's behind the firewall from mail servers on the Internet
still hangs ( using POP ).

Just curious to see how close your setup is to mine.

Cheers!
> 
> On Wed, 31 Jan 2001, Dan Weeks wrote:
> 
> > 
> > I have a firewall running OpenBSD.  Unfortunatley I have to connect to the
> > DSL service using PPPoE.  The problem is that all TCP traffic has to be
> > encapsulated in a PPP datagram and then put into the Ethernet packet, thus
> > causing more overhead and fragmented packets if you have too high of an MTU
> > on an internal host.  Well, I can adjust the MTU for all my internal hosts
> > manually to be the correct value, but what I am looking for is a way to
> > have the firewall handle such operations.  
> > 
> > I see that FreeBSD has something called "tcpmssd" that corrects the MSS of
> > outgoing packets via the firewall rules (see
> > http://www.daemonnews.org/200101/pppoe.html section 6.3).
> > 
> > What I would like to know is if there is something like that in OpenBSD.
> > Will I have to attempt to port this from FreeBSD? (using FreeBSD is not an
> > option).
>  
> Upgrade to a -current /usr/sbin/ppp, it includes an option (on by default)
> with a similar effect. It Works for Me on Telstra's PPPoE ADSL service.
> 
> -d
> 
> 
> -- 
> | ``We've all heard that a million monkeys banging on | Damien Miller -
> | a million typewriters will eventually reproduce the | <djm@mindrot.org>
> | works of Shakespeare. Now, thanks to the Internet, / 
> | we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org
> 
> 
> 


-- 
	Steve Williams, Calgary, Alberta, Canada
	Genie Computer Systems Inc.
	steve@genie96.com

"A man doesn't begin to attain wisdom until he recognizes that he is 
 no longer indispensable."
- Admiral Richard E. Byrd ( 1888-1957 )

Follow-Ups:
- Re: Firewall MTU with PPPoE/DSL
  - From: Damien Miller <djm@mindrot.org>

Prev by Date: Re: xdm error in fresh snapshot
Next by Date: Can't run check for integer sizes
Prev by thread: Re: ftpd and supervise.
Next by thread: Re: Firewall MTU with PPPoE/DSL
Index(es):
- Date
- Thread