You might not be able to browse some Web sites or to send e-mail messages that contain attachments from an Internet Connection Sharing client computer if your outbound connection is through a Windows XP-based Internet Connection Sharing host computer that uses Point-to-Point Protocol over Ethernet (PPPoE).

Back to the top

This issue may occur if the Windows XP-based Internet Connection Sharing host computer uses a smaller Maximum Transmission Unit (MTU) size on the public interface (the PPPoE connection to the Internet) than it uses on the private interface (the Ethernet connection to the Internet Connection Sharing client). If a packet is larger than the MTU size on the public interface, the client sends an Internet Control Message Protocol (ICMP) error to the external server to request that the server negotiate the TCP Maximum Segment Size (MSS). However, this message may be blocked by some firewalls. When this occurs, the packet is dropped.

Back to the top

To resolve this problem, install Windows XP Service Pack 1 (SP1) on your Internet Connection Sharing host computer. Internet Connection Sharing has been updated in Windows XP SP1 to work around this issue by using a process that is named MSS clamping. MSS clamping causes Internet Connection Sharing to set the MSS value low enough to match the external interface.

Back to the top

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
To temporarily work around this problem, lower the MTU size on the internal Internet Connection Sharing client computers to 1490.

NOTE: Use this temporary workaround only in cases in which a Windows XP-based computer is both an Internet Connection Sharing host (or gateway) and is connected to the Internet by using PPPoE.

To modify the MTU on the internal Internet Connection Sharing client computers, follow these steps.

To Identify the correct MTU size:

1.	Start a command prompt, and then use the Ipconfig utility to determine the default gateway of the Internet Connection Sharing server.
2.	At a command prompt on a client, type the following line, and then press ENTER: ping -f -l MTU_size default_gateway_IP_address Start with an MTU size of 1,490.
3.	If you receive an error message that indicates that the message must be fragmented, repeat step 2 by using a smaller MTU size. Repeat this process until the ping command succeeds.

After you determine the largest supported MTU size, follow these steps to manually set the MTU on the Internet Connection Sharing client computer or computers:

1.	Click Start, point to Control Panel, point to Network and Internet Connections, and then click the Network Connections folder.
2.	If the Network Connections folder contains more than one network connection, check the IP address for each network connection to determine which is the Internet connection. To check the IP address for a network connection, double-click the Network Connection icon, click the Support tab, and then note the IP address. The connection with an IP address that starts with 192.168 is the Internet network connection. Note the name of the Internet connection (for example, "Local Area Connection 2").
3.	Start Registry Editor.
4.	Locate and then click the following key in the registry, where AdapterIDNumber is a hexadecimal number: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AdapterIDNumber}\Connection
5.	In the Connection key, check the Name value to determine if it matches the name of the Internet connection that you found in step 2. If the Name value matches the name of the Internet connection, note the name of the {AdapterIDNumber} key. If the Name value does not match the name of the Internet connection, repeat this step to check the Name value in the next {AdapterIDNumber}\Connection key in the registry.
6.	Locate and then click the following key in the registry, where AdapterIDNumber is the hexadecimal ID number of the Internet connection that you noted in step 5: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Interfaces\{AdapterIDNumber}
7.	On the Edit menu, click Add Value, and then add the following registry value, where MaxMTUSize is the maximum supported MTU size that you discovered earlier in the Ping tests: Value name: MTU Data type: REG_DWORD Radix: Decimal Value data: MaxMTUSize
8.	Quit Registry Editor.

NOTE: If you still experience problems when you visit some Web sites, you may have to change the MTU value setting to a lower number. Reduce the MTU value setting in increments of 10 until the issue is resolved.

For additional information about how to manually set the MTU size, click the following article number to view the article in the Microsoft Knowledge Base: PPPoE is described in Request for Comments ( RFC) document 2516. Currently, some digital subscriber line (DSL) service providers use PPPoE to maintain the familiar "dial-up" experience for users who use a DSL modem to connect to the Internet.

Back to the top

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows XP Service Pack 1.

Back to the top

On Windows XP, PPPoE connections use a Maximum Transmission Unit (MTU) size of 1,490 to account for the additional PPP header information that is transmitted over the Ethernet network. Because the TCP MSS is negotiated during the TCP handshake by the two end systems, the end systems may set an MSS that is based on a local link MTU of 1,500 if both systems are connected to Ethernet networks. If the Internet Connection Sharing host cannot pass the traffic to and from the internal Internet Connection Sharing client because the packet is too large, the Internet Connection Sharing computer sends the appropriate ICMP message that states that fragmentation is required and that the "Don't Fragment" bit was set. The Windows XP-based Internet Connection Sharing host also includes the MTU size of the PPPoE link; the recipient of the ICMP message can initiate a renegotiation of the MSS. This process fixes the problem and is transparent to users.

The problem that is described in this article occurs when the external host blocks ICMP messages. In practice, this is typically a Web server that blocks ICMP messages at the firewall. If the internal Internet Connection Sharing client sends only small requests (such as HTTP requests), the client's packets may never become large enough to have to be fragmented by Internet Connection Sharing. However, the Web server may send back a large file or image that fills a single or multiple packets to capacity. Internet Connection Sharing sends the appropriate ICMP "fragmentation required" message back to the Web server. If this message never reaches the Web server (because it is blocked by a firewall), the Web server does not become aware that the session MSS must be renegotiated. Unless the external server is using PMTU Black Hole Router discovery (by default, this is disabled in Microsoft Windows 2000), the data never reaches the internal Internet Connection Sharing client.

Back to the top