ipfw + natd => some sites won't work :-S

Emanuel Strobl Emanuel.strobl at gmx.net
Mon May 9 16:25:14 PDT 2005


Am Dienstag, 10. Mai 2005 01:19 schrieb Frank de Bot:
> Emanuel Strobl wrote:
> > The problem is the same: IP-IP tunneling reduces TCPs mss which the
> > linux box doesn't fix. ICMP will work of course, TCP with full payload
> > won't. I don't knwo how/why you tunnle IP into IP on that linux box,
> > but that's the point where you have to dig.
> >
> > Good luck,
> >
> > -Harry
>
> Which tunnel forms don't experience the reducing of mss? I've chosen for

Hm, I don't have that handy in my mind right now. I had to look for some 
RFCs but it's quiet late here in germany, if I knew it by rote I'd tell 
you. I have similar configurations with IPSec without that problem (IPSec 
(ESP) is another protocol parallel to IP, not a IP in IP tunnel)

-Harry

> a ipip tunnel because it was a tunnen solutions which seemed to be the
> most simple. Once I got that working I was planning to change it to VPN
> or IPSec tunnel.
> I got my reason for having that tunnel between the boxes (Server 2 is a
> server far apart from Server 1)
>
>
> Frank
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050510/139241ef/attachment.bin


More information about the freebsd-questions mailing list