Re: [LARTC] Firewall+NAT: only succeeds for SOME external sites??

From: Chris Rankin <rankincj@yahoo.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Firewall+NAT: only succeeds for SOME external sites??
Date: Fri, 21 Sep 2001 07:19:56 +0000	[thread overview]
Message-ID: <marc-lartc-100105684330842@msgid-missing> (raw)
In-Reply-To: <marc-lartc-100102468021752@msgid-missing>

Hi,
Yes, the problem turned out to be the MTU on the link
between the boxes. My new routing table on the second
machine looks like this, and is a complete success:

# ip route list
192.168.0.0/24 dev eth0  scope link 
127.0.0.0/8 dev lo  scope link 
default via 192.168.0.1 dev eth0  advmss 1452

Cheers,
Chris

--- Henry Yen <lartc-mail@AegisInfoSys.com> wrote:
> On Thu, Sep 20, 2001 at 03:24:19AM -0700, Chris
> Rankin wrote:
> > I have a very simple 2-box network, both running
> Linux
> > 2.4.7, and connected to the Internet using DSL
> (pppd
> > 2.4.1 + pppoe). The first box acts as a gateway +
> NAT
> > for the second box, and the boxes are connected
> via a
> > crossover ethernet cable.
> > 
> > Now I *can* connect to the Internet from the
> second
> > box. However, there are some sites that I can only
> > access from the gateway and I'm running out of
> ideas
> > on how to solve this.
> > 
> > Sites that work for BOTH boxes include:
> > http://news.bbc.co.uk
> > http://freshmeat.net
> > http://lwn.net
> > 
> > Sites that work for ONLY the gateway box include:
> > http://linuxtoday.com
> > http://setiathome.ssl.berkeley.edu
> 
> a more efficient setup for web surfing might be to
> run squid proxy on
> the gateway box, and point to it as proxy from the
> second box.
> 
> > Also, I can receive Real streams from
> news.bbc.co.uk
> > on either machine, but can only receive Real
> streams
> > from http://lordoftherings.net on the gateway!
> > 
> > Can anyone suggest anything, please? I have
> ensured
> > that the second machine has ip_forward=0 and
> > */rp_filter=0, but I can't think of anything else
> that
> > might cause it to drop/lose packets. It's routing
> > table is trivial (from memory):
> > 
> > $ route add 192.168.0.0 netmask 255.255.255.0
> > 192.168.0.1
> > $ route add default gw 192.168.0.1
> > 
> > where 192.168.0.1 is the gateway, of course, and
> this
> > machine has address 192.168.0.2.
> 
> MTU path discovery problem?  ECN issue (are both
> boxes running the
> exact same distro/kernel level)?
> 
> for the former, try "mtu path discovery broken
> pppoe".
> for the latter, try "ecn linux break".
> both on groups.google.com.
> 
> also, try out tcpdump (with options) to spy on
> what's going on between the
> machines.
> -- 
> Henry Yen <henry@AegisInfoSys.com>             
> Aegis Information Systems, Inc.
> Senior Systems Programmer                      
> Hicksville, New York

__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/