se o roteador do cliente for baseado em Linux, verifique se:
1) ICMP bloqueado por site ou ISP
2) cliente usado conexão PPPOE
homem iptables:
TCPMSS This target allows to alter the MSS value of TCP SYN packets, to con‐ trol the maximum size for that connection (usually limiting it to your outgoing interface's MTU minus 40 for IPv4 or 60 for IPv6, respec‐ tively). Of course, it can only be used in conjunction with -p tcp.
This target is used to overcome criminally braindead ISPs or servers which block "ICMP Fragmentation Needed" or "ICMPv6 Packet Too Big" packets. The symptoms of this problem are that everything works fine from your Linux firewall/router, but machines behind it can never exchange large packets: 1. Web browsers connect, then hang with no data received. 2. Small mail works fine, but large emails hang. 3. ssh works fine, but scp hangs after initial handshaking. Workaround: activate this option and add a rule to your firewall con‐ figuration like: iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu