There's one site I can't reach through my Linux IP masqerading gateway. Searching and reading about the MTU issues has not helped me resolve this problem, nor can I find any other explanation for the hangs I'm observing. I would be extremely grateful for any assistance. Parameters: - IP masq has worked reliably with this configuration for over a year, until this problem. - Gateway kernel is 2.2.20. - gateway <-> internet connection is via ethernet (ne2k) to a cable modem (AT&T broadband). MTU is 1500. - gateway <-> masq'ed client connection is via wireless LAN (ray_cs, from recent Hinds PCMCIA distribution). MTU is 1500. - The site I'm trying to reach is www.oracle.com, via HTTP. I can reach it with no trouble directly from the gateway, but cannot with any HTTP client from a masq'ed machine. I usually get back headers and part of the body (~ 890 bytes, so presumably the first packet); then it hangs. My understanding is that a typical MTU blackhole problem occurs when the internet connection has a smaller MTU than the LAN connection. Just in case the problem was a difference in framing overhead between the ethernet and the wireless LAN, I lowered the MTU on the wireless LAN. This led me to observe a separate problem: when the two hosts on the wireless LAN disagreed about the MTU, connections between them would hang. Is this expected? I was very surprised. Anyway, I changed the MTU in sync on both hosts and tried various values (1400, 1000, 500), and the masq problem didn't go away. Just in case my understanding was backwards, I also tried lowering the MTU on the gateway ethernet link to the cable modem, with no success. I append a tcpdump of the internet link while running "wget www.oracle.com" on the masq'ed client. I don't have any expertise in interpreting it, so I'm hoping that the problem will be obvious to someone who does. I don't know how to dump packets on the ray_cs interface, but I guess it must be possible.... Any ideas? Thanks, Andrew 12:48:25.483873 pimlott.ne.mediaone.net.62080 > bigip-www.us.oracle.com.www: S 2876545954:2876545954(0) win 5840 <mss 1460,sackOK,timestamp 98472547 0,nop,wscale 0> (DF) 12:48:25.573873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: S 2987440750:2987440750(0) ack 2876545955 win 8192 <mss 1380> 12:48:25.583873 pimlott.ne.mediaone.net.62080 > bigip-www.us.oracle.com.www: . ack 1 win 5840 (DF) 12:48:28.583873 pimlott.ne.mediaone.net.62080 > bigip-www.us.oracle.com.www: P 1:102(101) ack 1 win 5840 (DF) 12:48:28.673873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: . ack 102 win 64759 (DF) 12:48:28.673873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: P 1:1381(1380) ack 102 win 8192 12:48:28.673873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: P 1381:1492(111) ack 102 win 8192 12:48:28.673873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: P 1492:2872(1380) ack 102 win 64860 (DF) 12:48:28.693873 pimlott.ne.mediaone.net.62080 > bigip-www.us.oracle.com.www: . ack 1381 win 8280 (DF) 12:48:28.703873 pimlott.ne.mediaone.net.62080 > bigip-www.us.oracle.com.www: . ack 1381 win 8280 (DF) 12:48:28.793873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: . 2872:4252(1380) ack 102 win 64860 (DF) 12:48:28.803873 pimlott.ne.mediaone.net.62080 > bigip-www.us.oracle.com.www: . ack 1381 win 8280 (DF) 12:48:32.843873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: P 1:1381(1380) ack 102 win 8192 12:48:32.843873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: P 1381:1492(111) ack 102 win 8192 12:48:32.863873 pimlott.ne.mediaone.net.62080 > bigip-www.us.oracle.com.www: . ack 1381 win 8280 (DF) 12:48:41.183873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: P 1:1381(1380) ack 102 win 8192 12:48:41.183873 bigip-www.us.oracle.com.www > pimlott.ne.mediaone.net.62080: P 1381:1492(111) ack 102 win 8192 12:48:41.203873 pimlott.ne.mediaone.net.62080 > bigip-www.us.oracle.com.www: . ack 1381 win 8280 (DF) - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
