 |
FirewallBuilder |
|
Search Users Guide
Can access most web sites through the firewall just fine, except for a few.
The browser would state "waiting for www.somesite.com" for a while and then time out when you connect to one of these sites.
This might be caused by a MTU problem if you are on a DSL connection using PPPoE. Here are couple of useful pages that describe the problem in details:
http://www.dslreports.com/tweaks/MTU
http://www.internetweekly.org/llarrow/mtumss.shtml
If your firewall runs iptables you can use option "Clamp MSS to MTU" in the firewall settings dialog to work around it.
For the PF firewalls similar option is called "Enforce maximum MSS" and is located in the "Scrub rule options" tab of firewall settings dialog. It allows for setting MSS value of TCP sessions opened through the firewall; try values between 1460 or 1464 (1464 is the maximum MSS value that can be used on PPPoE connections without fragmentation).
There is no way to change MSS value on the ipf, ipfw and pix firewalls. If your firewall is one of these, you may need to change MTU on your workstation. See links above for recommendations on how to do it.
Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.
Using free CSS Templates.