On Wed, 2008-07-30 at 15:45 +0200, Marco Lorig wrote:
> Using ldap causes the same problem. But I didn't test a ldap "put" to the
> server, only a get fails (like scp).
Umm... thinking about this laterally:
"put" is pushing large packets towards the server, from the client, the
reverse flow is mainly ACKs and will fit inside the MTU of the reverse
path when the tunnel is in place or when the tunnel isn't in place.
"get" is pushing small packets towards the server, from the client, the
reverse flow is mainly data and doesn't fit in the PTU of the reverse
path when the tunnel is in place; the difference is that if the tunnel
is removed the data gets back to the client.
We need to work backwards on this one.
With the tunnel in place, can you initiate an outbound SSH connection
from the realserver to the client machine? Are you absolutely sure that
the path this will follow the same route as the data from the realserver
under normal conditions?
I have a sneaking feeling that the realserver is sending packets of 1460
bytes (ethernet MTU less L2 framing) but the "secondary" director, ie.
the tunnel endpoint at the realserver's end, is dropping them because
they don't fit inside the tunnel.
Can you adjust the mtu of the interfaces on the realservers?
ifconfig eth0 mtu 1400
Tune it downwards until it works - I'm pretty sure that's where your
problem is. Apologies if you can't, though - this thread has become so
long I don't want to read it all again!