From: Chris Rankin
Date: Thu, 20 Sep 2001 22:24:19 +0000
Subject: [LARTC] Firewall+NAT: only succeeds for SOME external sites??
To: lartc@vger.kernel.org

Hi,

I have a very simple 2-box network, both running Linux 2.4.7, and connected to the Internet using DSL (pppd 2.4.1 + pppoe). The first box acts as a gateway + NAT for the second box, and the boxes are connected via a crossover ethernet cable.

Now I *can* connect to the Internet from the second box. However, there are some sites that I can only access from the gateway and I'm running out of ideas on how to solve this.

Sites that work for BOTH boxes include:

  http://news.bbc.co.uk
  http://freshmeat.net
  http://lwn.net

Sites that work for ONLY the gateway box include:

  http://linuxtoday.com
  http://setiathome.ssl.berkeley.edu

Also, I can receive Real streams from news.bbc.co.uk on either machine, but can only receive Real streams from http://lordoftherings.net on the gateway!

Can anyone suggest anything, please? I have ensured that the second machine has ip_forward=0 and */rp_filter=0, but I can't think of anything else that might cause it to drop/lose packets. Its routing table is trivial (from memory):

  $ route add 192.168.0.0 netmask 255.255.255.0 192.168.0.1
  $ route add default gw 192.168.0.1

where 192.168.0.1 is the gateway, of course, and this machine has address 192.168.0.2.

Any help here would be greatly appreciated,

Cheers,
Chris