J65nko, 18th December 2009

The following section from the pppoe(4) man page discusses the MTU issue but gives a different match rule than yours:
Code:
MTU/MSS ISSUES
     Problems can arise on machines with private IPs connecting to the Inter-
     net via a machine running both Network Address Translation (NAT) and
     pppoe.  Standard Ethernet uses a Maximum Transmission Unit (MTU) of 1500
     bytes, whereas PPPoE mechanisms need a further 8 bytes of overhead.  This
     leaves a maximum MTU of 1492.  pppoe sets the MTU on its interface to
     1492 as a matter of course.  However, machines connecting on a private
     LAN will still have their MTUs set to 1500, causing conflict.

     While pppoe(8) has an internal option, ``mssfixup'', which is enabled by
     default and takes care of this, pppoe users have to rely on other meth-
     ods.  Using a packet filter, the Maximum Segment Size (MSS) can be set
     (clamped) to the required value.  The following rule in pf.conf(5) would
     set the MSS to 1440:

           match on pppoe0 scrub (max-mss 1440)

     Although in theory the maximum MSS over a PPPoE interface is 1452 bytes,
     1440 appears to be a safer bet.  Note that setting the MSS this way can
     have undesirable effects, such as interfering with the OS detection fea-
     tures of pf(4).

     See pf.conf(5) for more information on MTU, MSS, and NAT.
Could you try this match rule, and see whether that improves the situation?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
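One way to check whether the clamp from the quoted man page section is taking effect is to look at the MSS option in TCP SYN segments seen by tcpdump. The following is an added example, not part of the original post or of OpenBSD: the sample lines are constructed, the function name `check_syn_mss` is hypothetical, and the 40-byte header figure assumes IPv4 without IP or TCP options.

```python
import re

PPPOE_MTU = 1492            # from pppoe(4): 1500 minus 8 bytes of PPPoE overhead
IPV4_TCP_HEADERS = 40       # assumption: 20-byte IPv4 + 20-byte TCP header, no options
MAX_MSS = PPPOE_MTU - IPV4_TCP_HEADERS   # 1452, the theoretical maximum
CLAMP = 1440                # value used in the man page's match rule

# Matches the MSS option in both OpenBSD ("<mss 1460,...>") and
# tcpdump.org ("options [mss 1460,...]") output styles.
MSS_RE = re.compile(r"\bmss (\d+)")

# Constructed sample lines, not captured traffic (documentation address ranges).
SAMPLE = """\
12:00:01.000001 192.168.1.10.40112 > 198.51.100.7.80: S 1000:1000(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
12:00:01.050002 198.51.100.7.80 > 192.168.1.10.40112: S 2000:2000(0) ack 1001 win 65535 <mss 1440,nop,nop,sackOK>
12:00:02.000003 IP 192.168.1.11.51514 > 203.0.113.9.443: Flags [S], seq 3000, win 64240, options [mss 1440,sackOK,TS val 1 ecr 0], length 0
12:00:02.100004 IP 192.168.1.11.51514 > 203.0.113.9.443: Flags [.], ack 1, win 502, length 0
"""

def check_syn_mss(lines, limit=CLAMP):
    """Return (ok, too_big): lists of (mss, line) for each line carrying an MSS option."""
    ok, too_big = [], []
    for line in lines:
        m = MSS_RE.search(line)
        if not m:
            continue    # MSS is only sent in SYN segments; skip everything else
        mss = int(m.group(1))
        (too_big if mss > limit else ok).append((mss, line.strip()))
    return ok, too_big

if __name__ == "__main__":
    ok, too_big = check_syn_mss(SAMPLE.splitlines())
    print(f"theoretical max MSS {MAX_MSS}, clamp {CLAMP}")
    for mss, line in too_big:
        print(f"NOT CLAMPED mss={mss}: {line}")
    print(f"{len(ok)} SYN(s) at or below the clamp, {len(too_big)} above")
```
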