On Wed, 19 Mar 2008, ann kok wrote:
Some DSL clients, some are working fine. (browsing...ping ...)
Some DSL clients have this problem they can't browse the sites. they can ssh the host but couldn't run the command in the shell prompt ping packet are working fine (no packet lost)
Seems like that when the first packet that exceeds MTU (I guess 1492) on the path is sent, you get a PMTU blackhole. You will see the same problem if you ping with big packets. As to why some clients work and others do not -- a good question. I have some theories on this point (different behaviour wrt setting DF bit; no MSS clamping and some DSL clients have MTU=1492 exposed to the user, others have a middlebox router which shows MTU=1500; some others). You may want to check that both ends are receiving ICMP packet too big messages (i.e. a firewall doesn't filter them out). -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings