Having an issue here, looks similar to bin/78424 which is listed as open and low priority, but no assignments or comments. The problem is pretty straightforward, though a solution to it seems like it's all-or-nothing. The issue is that when using a box with PMTU discovery behind a NAT, the NAT is effectively a blackhole, as the ICMP packets coming back from the remote end aren't NATed and passed back through. The only option seems to be to disable PMTUD on all the clients behind the NAT.

FWIW my situation for testing here is a FreeBSD 5-STABLE (5.4 cvsupped as of yesterday) box running ipfw and ipnat, workstations behind it are a mix of FreeBSD and WinXP. I of course would like to leave PMTU discovery on on the clients behind the NAT, but so far this seems like a pipe dream.