Re: ssh & select() problem on 5.3

• Previous message: Frode Nordahl: "Got rid of my SiI3112A"
• In reply to: Peter Jeremy: "Re: ssh & select() problem on 5.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 29 Nov 2004 23:09:54 +0200
To: current@freebsd.org

Peter Jeremy wrote:
> On Sun, 2004-Nov-28 18:43:47 +0200, Claudiu Dragalia-Paraipan wrote:
>
>>Since the problem occurs only when I connect to the firewall or to a
>>server behind it, I started to suspect a hardware failure. Could a
>>network card cause such problems ?
>
>
> A couple of people have mentioned path-MTU problems. I've also bumped
> into this problem when playing with VLANs where one end of the VLAN
> trunk doesn't support long frames - an oversize packet will get ignored
> by the receiver without any error being returned.
>

It seems that packets of size more then 1478 are dropped somewhere, but
not on the FreeBSD Firewall. The problem seems to be that it never
receives a ICMP "fragmentation needed but DF set".
Unfortunately I have control only over the firewall and what's behind it.
Next after the firewall (towards internet) there are a switch and a
Cisco router. I asked about the settings of this two, and it seems that
the switch is used for VLANs, and the Cisco for making a tunnel over
fiber channel with the next hop.
I have too few information about this at the moment, but I am almost
certain that the problems are occuring because of the Cisco router.
I did a traceroute from the firewall to outside, and big packets always
stop on Cisco router.
A traceroute from outside to the firewall always stops at the hop
exactly before the cisco router I am talking about, which I suppose is
the other end of this tunnel.

-- 
Claudiu Dragalina-Paraipan
dr.clau@gmail.com

• application/pgp-signature attachment: OpenPGP digital signature

• Previous message: Frode Nordahl: "Got rid of my SiI3112A"
• In reply to: Peter Jeremy: "Re: ssh & select() problem on 5.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages F**kin hackers! ... >possibly inviting hackers to my computer but ... ... >The hacker probably found out my OS and maybe my firewall ... about security (okay, ... The best Cisco router that I have seen for ... (microsoft.public.win2000.security) Re: Asymmetrically routing through transparent fw (bridge) ... > bridge routes these packages to other on-site routers. ... > cisco router and the package will find its way... ... and where you want to put your bridging firewall ... (comp.os.linux.networking) Re: Witch cisco router to route 100 mbit internet? ... I just want a normal defualt cisco router that supports 100mbit ... Your routing is being done at the server farm most likely. ... You will plug the ethernet cable provided to you from the server farm to the firewall and configure the firewall's interface as outside, then you take another patch cable and plug it from the firewall to the server you are using and configure that interface to be the inside interface. ... (comp.dcom.sys.cisco) Re: [SLE] samba and firewall issue ... > Have you configured that firewall no firewall comes preconfigured (I ... > then connected to Cisco router with access-lists in control also. ... Well I thing at present I wouldn't be able to do so much with my network, ... it) I wonder which is my external interface then and which my internal one. ... (SuSE) Cisco Pix firewall and two subnets ... firewall. ... connected to another Cisco Router with is a frame-relay connection ... The two subnets could also talk to one ... connection and associated router are going away. ... (comp.security.firewalls)