Hector Martin says:

> Anyone with a 1500 MTU through all the path will always see your site.
> But if your server is configured wrong, or your router, or
> something at your end is breaking PMTU discovery, packets can
> get dropped forever at places where the MTU is lower. I think
> it is not strange for most people to have a 1500 path MTU,
> since it is the most optimal, but some people might have
> smaller limits. And those might be broken.

> Via anonymizer the connection is pretty much rewritten, since
> everything goes out and back into the TCP stack at
> application level, so if the anonymizer is configured
> properly and does PMTU properly, and has a 1500 MTU path to
> your server, it will work for everyone.

Ok... I can see what you are saying... Let's take that as the best possibility and troubleshoot it.

> > I have a linksys router on the front end of the server and it does not
> > have much in the way of settings for MTU related issues. The only one
> > is "automatic / manual MTU size" and if manual, then what size MTU.
> > Currently, it is on automatic and it has been like that for years. So
> > if there is a problem, it must be a bug in the linksys or some bug
> > between the linksys and the NT 4 / IIS 4 server. So far, I can't find
> > any mention of such a bug related to the linksys model I have on the
> > internet or at the linksys site.
> > However they do have a firmware update which I will apply as soon as I
> > can make sure I have another unit ready to drop in if this one doesn't
> > survive the firmware load.

I've just completed the router firmware upgrade...

...could I impose on you to check it again? Did that fix the problem?

> If the problem is on your side, it is definitely a bug or big
> misconfiguration. A question: is your server under a publicly
> routable IP address directly, or does the router use a
> forwarding feature to forward port 80 to the server? That
> might have something to do with it.

The router forwards port 80 to the server on the internal network.

> A quick test should be to turn off PMTU discovery and let NT4
> unset the DF bit. This is sub-optimal since it will cause
> packet fragmentation for paths with a smaller MTU, but it
> will not cause any additional load for your connection (since
> the packets get fragmented at the router with a smaller MTU),
> and it might be an acceptable long-term solution if nothing
> else fixes the problem. The site might be 20% slower for
> those under lower-MTU connections, but I guess that's better
> than not being able to access it at all.

I'll try that if the router firmware upgrade doesn't work.

---
James Newton: PICList webmaster/Admin
mailto:jamesnewton@piclist.com 1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com

--
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
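
The cases discussed in this thread (a full 1500 path, a lower-MTU path with working PMTU discovery, the same path when the ICMP reply never reaches the server, and the DF bit unset) can be compared in a small model. This is an added illustration, not code from either poster; the function names `forward` and `serve` and the sample path with a 1492-byte link are constructed assumptions, and no real packets are sent.

```python
# Simplified model of IPv4 path MTU discovery; constructed example, no real packets.
IP_HEADER = 20  # bytes, IPv4 header without options


def forward(link_mtus, size, df):
    """Carry one packet of `size` bytes across the links in order.

    Returns ("delivered", fragment_count) or ("too_big", mtu_of_refusing_link).
    """
    pieces = [size]
    for mtu in link_mtus:
        if max(pieces) <= mtu:
            continue
        if df:
            # DF set: the router drops the packet and reports its MTU via ICMP.
            return ("too_big", mtu)
        # DF clear: the router fragments; fragment data is cut in 8-byte units.
        per_frag = (mtu - IP_HEADER) // 8 * 8
        out = []
        for p in pieces:
            data = p - IP_HEADER if p > mtu else 0
            if not data:
                out.append(p)
            while data > 0:
                chunk = min(data, per_frag)
                out.append(chunk + IP_HEADER)
                data -= chunk
        pieces = out
    return ("delivered", len(pieces))


def serve(link_mtus, pmtud=True, icmp_reaches_server=True, retries=4):
    """Server sends a 1500-byte packet; returns (outcome, final_size, fragments)."""
    size = 1500
    for _ in range(retries):
        status, detail = forward(link_mtus, size, df=pmtud)
        if status == "delivered":
            return ("ok", size, detail)
        if icmp_reaches_server:
            size = detail  # shrink to the reported MTU and resend
        # Otherwise the server never learns why and resends the same size.
    return ("stalled", size, 0)


if __name__ == "__main__":
    low_path = [1500, 1492, 1500]  # constructed path with one smaller link
    print(serve([1500, 1500, 1500]))                     # full 1500 path
    print(serve(low_path))                               # PMTUD working
    print(serve(low_path, icmp_reaches_server=False))    # PMTUD broken
    print(serve(low_path, pmtud=False))                  # DF unset
```

Only the third case stalls: the packet is too large for one link, DF forbids fragmenting it, and the server keeps resending the same size because the ICMP report never arrives.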