[LARTC] Firewall+NAT: only succeeds for SOME external sites??

From: Chris Rankin <rankincj@yahoo.com>
To: lartc@vger.kernel.org
Subject: [LARTC] Firewall+NAT: only succeeds for SOME external sites??
Date: Thu, 20 Sep 2001 22:24:19 +0000	[thread overview]
Message-ID: <marc-lartc-100102468021752@msgid-missing> (raw)

Hi,

I have a very simple 2-box network, both running Linux
2.4.7, and connected to the Internet using DSL (pppd
2.4.1 + pppoe). The first box acts as a gateway + NAT
for the second box, and the boxes are connected via a
crossover ethernet cable.

Now I *can* connect to the Internet from the second
box. However, there are some sites that I can only
access from the gateway and I'm running out of ideas
on how to solve this.

Sites that work for BOTH boxes include:
http://news.bbc.co.uk
http://freshmeat.net
http://lwn.net

Sites that work for ONLY the gateway box include:
http://linuxtoday.com
http://setiathome.ssl.berkeley.edu

Also, I can receive Real streams from news.bbc.co.uk
on either machine, but can only receive Real streams
from http://lordoftherings.net on the gateway!

Can anyone suggest anything, please? I have ensured
that the second machine has ip_forward=0 and
*/rp_filter=0, but I can't think of anything else that
might cause it to drop/lose packets. It's routing
table is trivial (from memory):

$ route add 192.168.0.0 netmask 255.255.255.0
192.168.0.1
$ route add default gw 192.168.0.1

where 192.168.0.1 is the gateway, of course, and this
machine has address 192.168.0.2.

Any help here would be greatly appreciated,
Cheers,
Chris

__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/