tech-net: Re: can't contacted www.netbsd.org

Subject: Re: can't contacted www.netbsd.org
To: None <tech-net@netbsd.org>
From: Matt Doughty <mdoughty@paingate.dyndns.org>
List: tech-net
Date: 02/11/2004 04:58:46
On Wed, Feb 11, 2004 at 04:21:51AM -0500, der Mouse wrote:
> I can't be sure, of course, but my guess is that your broadband
> connection is PPPoE based and something between you and www.netbsd.org
> (perhaps even your linksys, especially if it's also a firewall) is
> dropping the ICMPs which drive path MTU discovery.  The symptoms look
> very similar to what I saw when I was behind a low-MTU link.  I would
> hope that the NetBSD servers aren't behind such broken "firewall"
> boxes, but maybe they are, now, or maybe something closer to you is
> dropping the ICMPs - or, for all I know, maybe the box on the other end
> of your broadband connection is so severely broken as to be dropping
> the packets but _not_ sending back the ICMPs.
> 
> Try configuring the MTU on your Ethernet to be 1400 instead of 1500.
> This will normally make NetBSD send an MSS option specifying the lower
> limit; the peer will normally obey this, thereby papering over the
> problem.

Well, I think you are probably right, but I have tried changing the MTU
and it didn't make a difference.  That was what made me start looking
elsewhere.

> 
> > what doesn't work:
> 
> > traceroute to anywhere (traceroute works from the windows box, but not the
> > solaris and *bsd boxes)
> 
> Did you try traceroute -I?  I think the equivalent is the default for
> Windows.

yep, with the -I traceroute worked like a charm.

> 
> When you say traceroute "doesn't work", what do you mean?  It dumps
> core?  It prints nothing but stars?  It gets partway and stops?  I'd
> say there's a good chance that the point at which traceroute stops
> seeing stuff coming back is the point responsible for the other
> trouble.  I also suspect it's a firewall configured by some
> over-paranoid admin who didn't really understand what certain packets
> are for.

I was getting nothing but stars. after the first hop.

It seems to be stopping at the pppoe unit from the ISP.  I wonder why the
other boxes are still able to access the site despite this breakage.

I'm not sure where to go from here.  Thanks for the help guys. Atleast,
I have some idea of where I should look.

--Matt