Just a summary for anybody interested in the result of this thread.
Three separate problems and one peculiarity.
(1) The ADSL link had an internal MTU of 1500 but an external one of
1464, at the ISP end. 1500-byte packets were bouncing off the ADSL
and being marked "need to fragment". A straightforward
configuration problem.
(2) Most sites handle "need to fragment" responses correctly. Alas,
some do not; they keep sending big packets which get bounced again.
These sites appear to hang because nothing is getting through.
This is completely unrelated to masq or Linux at all; these sites
are *broken* and have problems with any MTU mismatch.
(3) When the internal MTU was changed to 576, it tripped a masq bug:
the ICMP response contained an invalid payload. This bug is fixed;
the patch should be in 2.2.3. In the meantime, make sure that all
interfaces on a masq box have the same MTU.
The peculiarity was that Windows was using an MTU of 1464 instead of
1500. With this MTU, sites sent packets that were just small enough to
get through the ADSL. So the broken sites did not get "need to
fragment" and just happened to work. No idea why Windows was using
1464 instead of the default Ethernet 1500.
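
Added example, not part of the original post and not kernel code: a small diagnostic that parses a captured ICMP "need to fragment" message (type 3, code 4, RFC 792/1191), reads the next-hop MTU, and sanity-checks the embedded IP header. The post does not say what was invalid in the masq bug's payload, so the checks are generic ones; the function names, the sample packet and its documentation-range addresses are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when run over valid data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes) -> dict:
    """Parse ICMP type 3 / code 4 and list problems found in its payload."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for ICMP header + IP header + 8 bytes")
    itype, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (itype, code) != (3, 4):
        raise ValueError("not a 'need to fragment' message")
    problems = []
    if inet_checksum(icmp) != 0:
        problems.append("bad ICMP checksum")
    inner = icmp[8:]                      # header of the packet that bounced
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        problems.append("embedded IP header malformed")
    else:
        total_len, _ident, flags_frag = struct.unpack("!HHH", inner[2:8])
        if inet_checksum(inner[:ihl]) != 0:   # heuristic: some devices alter it
            problems.append("embedded IP header checksum bad")
        if not flags_frag & 0x4000:
            problems.append("embedded packet did not have DF set")
        if mtu and total_len <= mtu:
            problems.append("embedded packet already fits reported MTU")
    return {"next_hop_mtu": mtu, "problems": problems}

def build_sample(mtu=1464, total_len=1500, df=True) -> bytes:
    """Constructed sample: reply to a DF packet that hit a smaller link MTU."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1,
                     0x4000 if df else 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    body = struct.pack("!HH", 0, mtu) + ip + b"\x00" * 8
    csum = inet_checksum(struct.pack("!BBH", 3, 4, 0) + body)
    return struct.pack("!BBH", 3, 4, csum) + body

if __name__ == "__main__":
    print(parse_frag_needed(build_sample()))
```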