Sunday, October 9, 2011

Xbox Live MTU Sizing and OpenBSD

A quick one that's easy to solve.
Changing around the rules on the firewall to make IPv6 traffic work better caused me to break all IPv4 traffic that wasn't WWW-based.

The symptoms included:
1. Kids weren't able to access multi-player online games
2. Xbox Live suddenly declares that my MTU is set lower than 1364 bytes
3. HTTP traffic was fine

The last one had me stumped for a while - the outgoing pppoe connection is limited to 1492 bytes due to the overheads of encapsulation. My firewall limits outgoing packet sizes to 1440 bytes in order to stop some other reported problems with pppoe encapsulation.
Checking with other Windows boxes that DHCP to the server showed that they had a network MTU of 1500. What's going on?

Simple, I had accidentally changed one of the rules in my PF configuration that caused it to send out the packets before NAT'ing them - obviously the response bounced on the firewall as it did not know what to do with the return packets.

Conclusion: If the Xbox does not receive a packet back from the Xbox Live non-HTTP connection then it complains that the MTU must be set too low. I would also guess that this only happens if an HTTP connection to Xbox Live succeeds, as my web proxy was still correctly forwarding web traffic at the time.

This also means that if Xbox Live has a partial failure (i.e. HTTP portion works but there's something wrong with the non-HTTP servers) you would get the same error, despite there being nothing wrong with your MTU settings. I bet that would be frustrating to figure out!
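A quick way to confirm this failure mode rather than chase the MTU: capture on the external interface and look for packets leaving with a private source address. The script below is an added example, not part of the original post; it assumes text output from `tcpdump -n` on the PPPoE interface (for example `pppoe0`, an assumed name), and the sample lines and addresses are constructed.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges: a source in one of these must never appear on the WAN side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "tcpdump -n" text line: "<time> IP <src>[.<sport>] > <dst>[.<dport>]: ..."
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?:"
)

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def find_unnatted(lines):
    """Count packets seen on the WAN interface that still carry a LAN source.

    Returns a Counter keyed by (src, dst, dport); dport is None for
    protocols without ports (e.g. ICMP).
    """
    leaks = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an IPv4 line (IPv6, PPPoE control, ...)
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if is_rfc1918(src) and not is_rfc1918(dst):
            leaks[(str(src), str(dst), m["dport"])] += 1
    return leaks

# Constructed sample capture: proxied HTTP leaves with the firewall's public
# address and gets a reply; game and ICMP traffic leaves un-NATed, no reply.
SAMPLE = """\
12:00:01.000001 IP 203.0.113.7.51000 > 198.51.100.10.80: Flags [S], seq 1, win 16384, length 0
12:00:01.000900 IP 198.51.100.10.80 > 203.0.113.7.51000: Flags [S.], seq 2, ack 2, win 8192, length 0
12:00:02.000001 IP 192.168.1.20.3074 > 198.51.100.20.3074: UDP, length 64
12:00:03.000001 IP 192.168.1.20.3074 > 198.51.100.20.3074: UDP, length 64
12:00:04.000001 IP 192.168.1.21 > 198.51.100.30: ICMP echo request, id 1, seq 1, length 64
"""

if __name__ == "__main__":
    for (src, dst, dport), n in find_unnatted(SAMPLE.splitlines()).items():
        print(f"un-NATed: {src} -> {dst} port {dport} ({n} packets)")
```

Any hit means a rule is passing LAN traffic out before translation, which matches the symptom set above: proxied HTTP works while direct connections get no replies.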
