[54951] in North American Network Operators' Group
RE: Stumper
daemon@ATHENA.MIT.EDU (Martin Renschler (EWU))
Tue Jan 21 22:43:59 2003
From: "Martin Renschler (EWU)" <Martin.Renschler@ewu.ericsson.se>
To: "'jeffrey.arnold'" <jba@analogue.net>,
"Mark J. Scheller" <scheller@u1.net>
Cc: nanog@merit.edu
Date: Tue, 21 Jan 2003 21:43:24 -0600
Errors-To: owner-nanog-outgoing@merit.edu
Linksys has frequent releases and I had the opportunity to stumble several times into firmware versions where some special applications (e.g. X-Window session over IPSec) wouldn't work. Turned out, they were playing with the MTU. Two releases further on, it would work, then again not etc.
I would rather try to solve the problem on the server side (make sure your server sends out unfragmented smaller packets).
/Martin
<Disclaimer>This is a private statement and does not necessarily reflect the opinion of my employer...</Disclaimer>
-----Original Message-----
From: jeffrey.arnold [mailto:jba@analogue.net]
Sent: Tuesday, January 21, 2003 2:36 PM
To: Mark J. Scheller
Cc: nanog@merit.edu
Subject: Re: Stumper
On Tue, 21 Jan 2003, Mark J. Scheller wrote:
:: Here's the particulars:
::
:: Users that have Verizon DSL and a Linksys cable/DSL router have
:: difficulties accessing sites on my network -- whether they are trying
:: with http, https, smtp, pop3, ssh, ftp, etc., etc. Oh, but pings
:: seem to be fine. Low latency, no loss. This is true even for access
:: to a server brought up in the DMZ, to keep the firewalls out of the
:: equation.
::
Have the user update their linksys firmware. I see this problem all the
time. Linksys soho gateways are notorious for their early firmware not
sending fragments with proper headers. Any acl that does not allow *all
frags* by default will deny their packets. There may be other issues as
well, but the firmware update tends to fix all of the problems.
-jba
__
[jba@analogue.net] :: analogue.networks.nyc :: http://analogue.net
