I resolved this, at least for now, by setting no-df on my scrub. I'm
still investigating the MTU.
On 26/06/07, Daniel Melameth <[EMAIL PROTECTED]> wrote:
Sounds like a possible MTU issue... Liberal use of tcpdump should
help in diagnosing the problem.
On 6/25/07, Lawrence Horvath <[EMAIL PROTECTED]> wrote:
> I'm having some trouble accessing certain sites from my laptop going
> through an obsd router doing nat
>
> I have 2 tested configurations
>
> Laptop------->Cisco1721[doing nat]--->internet ----> msn.com
> and
> Laptop------->Cisco1721--(gre0)---->Openbsd[doing nat]--->internet ----> msn.com
>
> In the first setup, I have a local network behind a cisco1721, the
> cisco does nat, and all works well.
>
> In the second setup, I have an internal network that spans via gre
> from the cisco to an OpenBSD router in colo which does the nat. This
> is not working for me at all: when I try to go to msn.com, my browser
> just sits there. I have tried this from 1 other computer as well.
>
>
> OpenBSD 4.0 GENERIC.MP#936 i386
>
> # cat /etc/pf.conf.test
> # Macros
> # Tables
> # Options
> # Traffic Normalization(scrub)
> # Queueing
> # Translation(nat->binat->rdr)
> # Packet Filtering
>
> ext_if="tl0"
> tun_if="gre0"
>
> int_ip="{ 10/8 192.168/16 }"
> natpool_ip="208.179.68.11"
> local_ip="{ 10/8 192.168/16 208.179.68.8/29 208.179.25/24 }"
>
> set optimization high-latency
> no nat on $ext_if from $local_ip to $local_ip
> nat on $ext_if from $int_ip to any -> $natpool_ip
>
>
> pass in all
> pass out all
>
>
>
> I'm using ospfd to route over the gre
>
> With either situation, I can get good name resolution, and I can
> telnet to the msn server on 0 and issue a get request successfully. I
> can get to almost any other website in either config (google, yahoo,
> etc.); there are only a few I can't get to.
>
> If there is any other info requested, I'm happy to provide it.
> Thank you
--
-Lawrence
-Student ID 1028219
-CCNA