Netgate Discussion Forum
    Fragmentation WAN PPPoE

    • llelapin

      Hi,

      I'll try to explain my problem.

      I've got a PPPoE connection with MTU 1492. Behind it, a NAT "Port forward" for an email server. Only one of our clients can't send us big emails. Small emails work correctly, but if there is fragmentation some packets are dropped:

      May 7 09:43:08 SFR   194.250.153.xxx   5.39.xxx.xxx TCP:

      May 7 09:43:12 SFR   194.250.153.xxx   5.39.xxx.xxx TCP:

      May 7 09:43:20 SFR   194.250.153.xxx   5.39.xxx.xxx TCP:

      May 7 09:43:36 SFR   194.250.153.xxx   5.39.xxx.xxx TCP:

      I tested many configurations:

      • firewall optimization in conservative mode
      • Disable hardware checksum offload
      • Clear invalid DF bits instead of dropping the packets
      • Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic
      • disable net.inet.tcp.rfc1323
      • disable net.inet.tcp.sack.enable
      • set mtu 1492 on my server

      I'm running pfSense 2.0.3 64b. I don't know why I can't get messages from this peer. Could you help me, please?
      [packetcapture (16).txt](/public/imported_attachments/1/packetcapture (16).txt)

      • Reiner030

        Hi,

        I have no direct idea, but you can test your MTU and other helpful things here:
        http://www.speedguide.net/analyzer.php

        • llelapin

          Hi,

          Thank you for your answer.
          In fact, your site gives me MTU 1460 and not 1492. I don't know why.

          TCP options string: 0204058c010303070402080a0006a9ea00000000
          MSS: 1420
          MTU: 1460
          TCP Window: 66176 (NOT multiple of MSS)
          RWIN Scaling: 7 bits (2^7=128)
          Unscaled RWIN : 517
          Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
          BDP limit (200ms): 2647kbps (331KBytes/s)
          BDP limit (500ms): 1059kbps (132KBytes/s)
          MTU Discovery: ON
          TTL: 49
          Timestamps: ON
          SACKs: ON
          IP ToS: 00000000 (0)

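Added example (not part of the original posts): decoding the TCP options string from the analyzer output above shows where the reported MSS 1420 and MTU 1460 come from, and what MSS a 1492-byte PPPoE MTU would give instead. The function names are chosen for this example, and the MTU arithmetic assumes IPv4 with 20-byte IP and TCP headers.

```python
import struct

# TCP option kinds (RFC 9293, RFC 7323, RFC 2018)
EOL, NOP, MSS, WSCALE, SACK_PERMITTED, TIMESTAMPS = 0, 1, 2, 3, 4, 8

def parse_tcp_options(hex_string):
    """Decode a TCP options field (hex) into a dict of the options present."""
    data = bytes.fromhex(hex_string)
    opts, i = {}, 0
    while i < len(data):
        kind = data[i]
        if kind == EOL:          # end of option list
            break
        if kind == NOP:          # single-byte padding
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header at offset %d" % i)
        length = data[i + 1]     # length covers kind + length + body
        if length < 2 or i + length > len(data):
            raise ValueError("bad length %d for option kind %d" % (length, kind))
        body = data[i + 2:i + length]
        if kind == MSS and length == 4:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == WSCALE and length == 3:
            opts["wscale"] = body[0]
        elif kind == SACK_PERMITTED and length == 2:
            opts["sack_permitted"] = True
        elif kind == TIMESTAMPS and length == 10:
            opts["tsval"], opts["tsecr"] = struct.unpack("!II", body)
        else:
            opts.setdefault("other", []).append((kind, body.hex()))
        i += length
    return opts

def mtu_from_mss(mss, ip_header=20, tcp_header=20):
    """MTU implied by an advertised MSS (assumes IPv4, no IP options)."""
    return mss + ip_header + tcp_header

# Options string copied from the analyzer output in the post above.
SYN_OPTIONS = "0204058c010303070402080a0006a9ea00000000"
PPPOE_MTU = 1492  # MTU the poster states for the PPPoE link

if __name__ == "__main__":
    o = parse_tcp_options(SYN_OPTIONS)
    print(o)
    print("MTU implied by advertised MSS:", mtu_from_mss(o["mss"]))
    print("MSS expected for MTU 1492:", PPPOE_MTU - 40)
```

The advertised MSS is 52 bytes short of 1492 - 40, which is worth comparing against the MTU/MSS values actually configured on the WAN and PPP pages.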
          • Reiner030

            @llelapin:

            Thank you for your answer.
            In fact, your site gives me MTU 1460 and not 1492. I don't know why.

            MSS: 1420
            MTU: 1460
            MTU Discovery: ON

            The good thing seems to be that MTU discovery is on … can you see in your PPP logs what MTU is set by pfSense?
            Perhaps you must, for security, set the MTU in the PPP page directly (there is a field for it).

            But normally many other sites should also have problems when using more than 1500 Bits ... it's quickly reached ;)
