MTU issue?

  • I am running the Aug 27th build of pfSense 2.1 for IPv6 support, but am currently on ipv4 only.

    I installed everything, set up my PPPoE WAN connection, and everything seemed fine.  i haven't touched any NAT or firewall settings.  My wife was complaining that facebook wasn't loading.  It would only show a few pieces of the page.  Also had issues with the login page for yahoo, and embedded videos would never complete loading in order to be played.  Most other things seemed to work fine.

    I stumbled upon MTU settings, so I started checking using the ping -f -l <size>internet site.  From any of my windows machines inside my network, the max size I could get a reply from was 1252  (+28 for headers, gives a 1280 MTU).  The Automatic MTU on my PPPoE connection (WAN) was 1492 which was to be expected.  If I tried to ping anything larger than the combined 1492 size, I received back a message that the packet needs to be fragmented, but the do not fragment flag is set, which is also expected.

    Here is the strange thing.  running directly from the pfSense box, the MTUs are perfectly normal.  1492 is the max MTU I could get with a ping response, and not receive the fragment bit error message, but when routing from a computer in the inside, the max is only 1280.  Anything above 1492 gives the fragment bit error, 1280 or below works perfectly, but anything in size between 1280 and 1492 just seems to fall in a black hole.  I've had to hardcode the 1280 MTU into my windows machines to get them to communicate properly and not lose packets.

    Any ideas on what could be going on, or point me in a direction?

    I've found a few old posts relating to this, but nothing with any real solutions.


  • I decided to redo it all and start over.  (wipe and reload) Seems to work fine now.  No idea what was going on before.

Log in to reply