Problem solved - thanks to all who helped. The Linux RADIUS box was sending a "Framed-MTU" of 576. That apparently didn't affect the old Quad rack, but it was the problem. Changed it to 1500 and everything appears to be working now.

Thanks again for all the help, and HAPPY HOLIDAYS to all!

Joel

-----Original Message-----
From: Paul Farber [mailto:farber@admin.f-tech.net]
Sent: Thursday, December 26, 2002 7:47 PM
To: usr-tc@mailman.xmission.com
Subject: RE: [USR-TC] Big Problem - Need Help

From what I understand ethernet MTU is 1500.
If you lower that for modems (i.e. the 576 that people see a lot) then you have an MTU mismatch.. the remote is at 1500, your client is at 576. The client TCP stack is supposed to send out some sort of MTU resize request packet (could be wrong) to the remote to lower the MTU it uses to 576. Since all ICMP packets are blocked, the remote never gets the resize request, and the session never goes past that point. Could be wrong... probably not 100% accurate..

--
Paul Farber
Farber Technology
farber@admin.f-tech.net
Ph 570-628-5303
Fax 570-628-5545

On Thu, 26 Dec 2002, Joel - Fox Computers wrote:

So are you saying that it has to be HIGHER than 1500? Sounded like previous responses wanted it lower, or at least, not over.
What exactly happens if it's not 1500+?

-----Original Message-----
From: Paul Farber [mailto:farber@admin.f-tech.net]
Sent: Thursday, December 26, 2002 4:17 PM
To: usr-tc@mailman.xmission.com
Subject: RE: [USR-TC] Big Problem - Need Help

Basically some dolt Admins think that blocking ALL ICMP packets is a good thing... when they really just want to block ICMP echo request/response.
ICMP MTU discovery *should* and *does* work.. unless admins do the above (ie block all ICMP packets).
I ran into this with a lot of smaller banks and their online account stuff... they are so afraid (or stupid) that they block everything hoping that it will work/keep out the bad guys.
Basically you need to keep your MTU at 1500+ or face the wrath of poorly designed firewalls.
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
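
The failure mode discussed in this thread, as an added example that is not part of any poster's message: a small simulation of RFC 1191 path MTU discovery, where the router in front of the smaller link answers an oversized don't-fragment packet with ICMP type 3 code 4, run against a firewall that drops all inbound ICMP and one that drops only echo. The function names and the three-hop path are constructed for illustration.

```python
# Added illustration (not from the thread): RFC 1191 path MTU discovery
# against two inbound ICMP filter policies. All names are hypothetical.
ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST = 0, 3, 8
CODE_FRAG_NEEDED = 4  # type 3 code 4: "fragmentation needed and DF set"

def block_all_icmp(icmp_type, icmp_code):
    """Policy the thread complains about: every ICMP message is dropped."""
    return False

def block_echo_only(icmp_type, icmp_code):
    """Drop ping (echo request/reply); let ICMP error messages through."""
    return icmp_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY)

def forward(packet_size, link_mtus):
    """Send one DF packet along the path. Returns None if delivered, else the
    (type, code, next_hop_mtu) error from the router that could not forward it."""
    for mtu in link_mtus:
        if packet_size > mtu:
            return (ICMP_DEST_UNREACH, CODE_FRAG_NEEDED, mtu)
    return None

def discover_path_mtu(link_mtus, inbound_policy, max_tries=5):
    """Sender-side PMTUD loop. Returns (size, attempts): size is the packet
    size that got through, or None if the session was black-holed."""
    size = link_mtus[0]          # start at the sender's own interface MTU
    attempts = []
    for _ in range(max_tries):
        attempts.append(size)
        error = forward(size, link_mtus)
        if error is None:
            return size, attempts
        icmp_type, icmp_code, next_hop_mtu = error
        if inbound_policy(icmp_type, icmp_code):
            size = next_hop_mtu  # error reached the sender: shrink and retry
        # otherwise the firewall dropped the error and the sender
        # retransmits at the same size, which fails the same way
    return None, attempts

# Constructed path: server on 1500-byte Ethernet, dial-up hop at Framed-MTU 576.
PATH = [1500, 1500, 576]

if __name__ == "__main__":
    for policy in (block_all_icmp, block_echo_only):
        print(policy.__name__, discover_path_mtu(PATH, policy))
```

With every link at 1500 no ICMP error is ever generated, so the block-everything firewall causes no visible failure on that path.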