Re: Some sites don't get through nat

[Han Boetes <han@mijncomputer.nl>]

Nick Holland wrote:
> Han Boetes wrote:
> > I noticed this odd problem with http://web.wt.net/~billw/gkrellm/ and
> > http://www.snsbank.nl/. Both sites seem to get slowed down by NAT. If I
> > connect to them from the firewall there is no connection problem. But
> > if I connect to them from _behind_ the firewall there is no connection
> > being setup.
> > [snip: details]
> [snip: only with recent openbsd]

Yes. I forgot to mention. This is -current. And indeed the problem
started a few month ago.


> Finally figured out that it was an MTU problem
> [ snip: details ]

Hmmm I tried various MTU's between 1400 and 1500 and they all refused
connection.


> The sites we were having trouble with, however, involved a certain
> amount of "uplink" data -- forms and such.  As long as the uplink data
> size was "small", things were working fine.  Not sure that applies to
> the sites you mentioned, though I seemed to have no problem getting to
> them from here (again).

Are you sure it's NAT'ed?

Someone else running current also didn't have the problem at all. I just
tried with ecn disabled and I still get no connection. Sound like one
of those mysterious problems were one day you stumble upon the
solution. Or not...

Anyway, I can work around by using a proxy for now. ( still hears
Theo's resounding rant about workarounds )



# Han