hi Collin..
u are absolutley right.. while running our sniffer agent, we saw the exact things u have described... we saw the do not fragment statement, and also destination unreachable, fragmentation required messages....
our setup is behind a multi-homed Linux firewall server running IP Masquerading with IPchains.. we do have ICMP in and outwards enabled, so we can ping some other stations on our network... so, i wonder why it shouldn't send those "please fragment" packets back out..?..
any help would be appreciated.. thanks..
AKNIT
--- Colin Campbell <sgcccdc@citec.qld.gov.au>
> wrote:
>Hi,
>
>This sounds like problems with the "Do Not Fragment" bit. You can download
>small things but hang on large ones. Are you behind a firewall? Does your
>firewall allow ICMP outwards? When a packet with DF set hits a device that
>must fragment, that device sends an ICMP 3/4 (destination unreachable,
>fragmentation required). If that ICMP doesn't get through your firewall
>you get the symptoms you describe.
>
> On Mon, 8 Oct 2001, Mark Tinka wrote:
>
>> i have modified the MTU option in my /proc partition on the Linux, and
>> i will say that there some improvement.. the only problem is that i
>> can't seem to download some web sites, and some web sites fully.. for
>> instance, i can only download part of the main yahoo.com page, but can
>> read my e-mail on the mail.yahoo.com pages....
>>
>> also, i can download the cnn.com page, but it hangs when trying to
>> download the main graphics.. same thing for google.com ..
>
>Colin
_____________________________________________________________
Be different Get yourself a Globenetcafe.net email ID
Uganda's Newest internet cafe www.globenetcafe.net
Received on Tue Oct 09 2001 - 02:56:45 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:38 MST