On Wed, Aug 03, 2005 at 10:37:08AM -0400, Martin Hicks wrote:
> Another idea: Maybe set your MTU lower? Maybe something's having
> problems with your MTU settings. Try something absurdly low like 1000
> and if that fixes it then try moving back up. Usually 1452 (?) works
> for most PPPoE type situations.

If you're using PPPoE, you'll want to look into reducing your TCP MSS rather than (or in addition to) your MTU.

HTTP(S) tends to send you more data than you send back. If it sends full-sized packets (1500 bytes), you simply cannot receive them. PPPoE links typically require at least 8 bytes of overhead, so there's 1492 (or less) left. The pipe is too "small" for 1500-byte TCP packets.

In this situation, when a router finds it can't "push" the packet through, it drops it on the floor and sends back an ICMP "you must fragment" packet. But if some negligent system administrator in the *reverse* direction has set his router to block all ICMP (more and more common, grumble!), those messages also get dropped on the floor.

The net result: You only get through when packets are broken into smaller bunches (for whatever reason).

The answer: Set your MSS to a low value like 1400 (same as suggested for the MTU). Here's how I do it:

    iptables -t mangle -I POSTROUTING \
        -p tcp --syn -o ppp0 -j TCPMSS --set-mss 1400

where ppp0 is the name of my outbound interface.
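
The failure described in the message above, as an added example that is not part of the original post: a constructed Python model of a path with one 1492-byte PPPoE hop, showing full-size segments stalling when the ICMP reply is filtered and getting through once the MSS is 1400. The function names, the hop list and the option-less 40-byte IPv4+TCP header size are assumptions of the example.

```python
# Constructed model of a path-MTU black hole; all names are hypothetical.
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def send_segment(payload, hop_mtus, icmp_filtered):
    """Send one don't-fragment TCP segment across the hops.
    Returns ("delivered", None), ("icmp", hop_mtu) or ("lost", None)."""
    size = payload + IP_TCP_HEADERS
    for mtu in hop_mtus:
        if size > mtu:
            # The router drops the packet and sends ICMP "fragmentation
            # needed"; a filter on the way back silently discards that reply.
            return ("lost", None) if icmp_filtered else ("icmp", mtu)
    return ("delivered", None)

def transfer(total_bytes, mss, hop_mtus, icmp_filtered, max_retries=3):
    """Send total_bytes in segments of at most mss bytes.
    Returns the bytes delivered; stops when a segment keeps getting lost."""
    delivered = 0
    while delivered < total_bytes:
        payload = min(mss, total_bytes - delivered)
        for _ in range(max_retries):
            status, mtu = send_segment(payload, hop_mtus, icmp_filtered)
            if status == "delivered":
                delivered += payload
                break
            if status == "icmp":
                # Path MTU discovery: shrink segments to fit the reported MTU.
                mss = mtu - IP_TCP_HEADERS
                payload = min(mss, total_bytes - delivered)
        else:
            return delivered  # black hole: every retransmission was dropped
    return delivered

# Constructed path: Ethernet, PPPoE (8 bytes of overhead), Ethernet.
PATH = [1500, 1492, 1500]

if __name__ == "__main__":
    cases = [
        ("MSS 1460, ICMP delivered", 10000, 1460, False),
        ("MSS 1460, ICMP filtered ", 10000, 1460, True),
        ("small reply, ICMP filtered", 1000, 1460, True),
        ("MSS 1400, ICMP filtered ", 10000, 1400, True),
    ]
    for label, size, mss, filtered in cases:
        got = transfer(size, mss, PATH, filtered)
        print(f"{label}: {got}/{size} bytes delivered")
```
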