From: Martijn Lievaart <m@rtij.nl>
To: netfilter@leangen.net
Cc: netfilter@lists.netfilter.org
Subject: Re: Debugging network problems
Date: Fri, 31 Aug 2007 07:33:08 +0200
Message-ID: <46D7A814.40108@rtij.nl>
In-Reply-To: <1188383622.29330.9.camel@sonoda.bioscene.co.jp>

David Leangen wrote:
> Hello!
>
> My network was just changed from a vanilla ADSL connection to direct
> ftth. There is now a network connector with a 100MB/s entry, which gets
> routed to a Buffalo Broad station.
>
> I'm having some troubles and my debugging so far has not been
> successful, so I'm hoping some more experienced hands can give me some
> advice.
>
>
> First of all, my previous setup was working exactly as I wanted.
> Essentially, when making the switch to the new network, on my
> firewall/proxy machine, I just did:
>
> adsl-stop (to stop the pppoe daemon)
> ifconfig eth0 new.ip.address up
> route add default gw ip.address.of.broad.station
>
> Then in my iptables, I changed:
>
> -A POSTROUTING -o ppp0 -j MASQUERADE
>
> to
>
> -A POSTROUTING -o eth0 -j MASQUERADE
>
>
> Here's what's happening now...
>
> Generally, I can connect to the outside world, and the outside world can
> connect to me. By this, I mean that each of the local machines behind my
> proxy can connect.
>
> However, the connections back to my own URL are sporadic. In other
> words, sometimes I can connect, sometimes I can't. Assuming my domain is
> my.company.com, when I try to connect to my.company.com from within my
> network, sometimes I can, sometimes I can't, but I have not at all
> figured out a pattern.
>
> When this happens, domain names are being resolved, but I get
> "Connection timed out" errors.
>
> I guess I first need to check to see if I can't get out, or I can't get
> back in.
>
Sounds like a PMTUD issue. Do you allow all ESTABLISHED packets in, not
just tcp?
M4
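
An added example, not part of either message: a small audit that reads iptables-save text and reports what happens to the ICMP "fragmentation needed" error that PMTUD depends on when the state rule is limited to tcp. The sample ruleset, the eth1 LAN interface and the function names are constructed for illustration; only the short option forms that iptables-save prints are understood.

```python
WAN_IF = "eth0"  # outside interface named in the quoted message
# Spellings of ICMP type 3 code 4 (fragmentation needed) a rule may use.
FRAG_NEEDED = {"3", "3/4", "any", "destination-unreachable", "fragmentation-needed"}
# Probe: a frag-needed ICMP error arriving on WAN_IF; conntrack marks it RELATED.
TESTS = {
    "-i": lambda v: v == WAN_IF,
    "-p": lambda v: v in ("icmp", "all"),
    "--state": lambda v: "RELATED" in v.split(","),
    "--ctstate": lambda v: "RELATED" in v.split(","),
    "--icmp-type": lambda v: v in FRAG_NEEDED,
}

def rule_matches(tokens):
    """True if the rule matches the probe. Matches not listed in TESTS
    are assumed to succeed; a preceding "!" inverts a test."""
    negate = False
    for tok, val in zip(tokens, tokens[1:]):
        if tok in TESTS and TESTS[tok](val) == negate:
            return False
        negate = tok == "!"
    return True

def pmtud_verdict(ruleset, chain):
    """Verdict for the probe in a filter chain (user-chain jumps not followed)."""
    policy, in_filter = "ACCEPT", False
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif in_filter and line.startswith(f"-A {chain} "):
            tokens = line.split()[2:]
            target = tokens[tokens.index("-j") + 1] if "-j" in tokens else ""
            if target in ("ACCEPT", "DROP", "REJECT") and rule_matches(tokens):
                return target
    return policy

# Constructed iptables-save sample; eth1 as the LAN side is an assumption.
TCP_ONLY = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT"""
ANY_PROTO = TCP_ONLY.replace("-p tcp -m state", "-m state")
for name, rules in (("tcp-only", TCP_ONLY), ("any protocol", ANY_PROTO)):
    print(name, {c: pmtud_verdict(rules, c) for c in ("INPUT", "FORWARD")})
```

To audit a live box, pass the text printed by `iptables-save` to `pmtud_verdict` for both INPUT and FORWARD.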