Linksys has frequent releases and I had the opportunity to stumble several times into firmware versions where some special applications (e.g. X-Window session over IPSec) wouldn't work. Turned out, they were playing with the MTU. Two releases further on, it would work, then again not etc. I would rather try to solve the problem on the server side (make sure your server sends out unfragmented smaller packets). /Martin <Disclaimer>This is a private statement and does not necessarily reflect the opinion of my employer...</Disclaimer> -----Original Message----- From: jeffrey.arnold [mailto:jba@analogue.net] Sent: Tuesday, January 21, 2003 2:36 PM To: Mark J. Scheller Cc: nanog@merit.edu Subject: Re: Stumper On Tue, 21 Jan 2003, Mark J. Scheller wrote: :: Here's the particulars: :: :: Users that have Verizon DSL and a Linksys cable/DSL router have :: difficulties accessing sites on my network -- whether they are trying :: with http, https, smtp, pop3, ssh, ftp, etc., etc. Oh, but pings :: seem to be fine. Low latency, no loss. This is true even for access :: to a server brought up in the DMZ, to keep the firewalls out of the :: equation. :: Have the user update their linksys firmware. I see this problem all the time. Linksys soho gateways are notorious for their early firmware not sending fragments with proper headers. Any acl that does not allow *all frags* by default will deny their packets. There may be other issues as well, but the firmware update tends to fix all of the problems. -jba __ [jba@analogue.net] :: analogue.networks.nyc :: http://analogue.net