From: Chris Rankin
Date: Fri, 21 Sep 2001 07:19:56 +0000
Subject: Re: [LARTC] Firewall+NAT: only succeeds for SOME external sites??
To: lartc@vger.kernel.org

Hi,

Yes, the problem turned out to be the MTU on the link between the boxes.
My new routing table on the second machine looks like this, and is a
complete success:

# ip route list
192.168.0.0/24 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.0.1 dev eth0 advmss 1452

Cheers,
Chris

--- Henry Yen wrote:
> On Thu, Sep 20, 2001 at 03:24:19AM -0700, Chris Rankin wrote:
> > I have a very simple 2-box network, both running Linux 2.4.7, and
> > connected to the Internet using DSL (pppd 2.4.1 + pppoe). The first
> > box acts as a gateway + NAT for the second box, and the boxes are
> > connected via a crossover ethernet cable.
> >
> > Now I *can* connect to the Internet from the second box. However,
> > there are some sites that I can only access from the gateway and I'm
> > running out of ideas on how to solve this.
> >
> > Sites that work for BOTH boxes include:
> > http://news.bbc.co.uk
> > http://freshmeat.net
> > http://lwn.net
> >
> > Sites that work for ONLY the gateway box include:
> > http://linuxtoday.com
> > http://setiathome.ssl.berkeley.edu
>
> a more efficient setup for web surfing might be to run squid proxy on
> the gateway box, and point to it as proxy from the second box.
>
> > Also, I can receive Real streams from news.bbc.co.uk on either
> > machine, but can only receive Real streams from
> > http://lordoftherings.net on the gateway!
> >
> > Can anyone suggest anything, please? I have ensured that the second
> > machine has ip_forward=0 and */rp_filter=0, but I can't think of
> > anything else that might cause it to drop/lose packets. Its routing
> > table is trivial (from memory):
> >
> > $ route add 192.168.0.0 netmask 255.255.255.0 192.168.0.1
> > $ route add default gw 192.168.0.1
> >
> > where 192.168.0.1 is the gateway, of course, and this machine has
> > address 192.168.0.2.
>
> MTU path discovery problem? ECN issue (are both boxes running the
> exact same distro/kernel level)?
>
> for the former, try "mtu path discovery broken pppoe".
> for the latter, try "ecn linux break".
> both on groups.google.com.
>
> also, try out tcpdump (with options) to spy on what's going on between
> the machines.
> --
> Henry Yen
> Aegis Information Systems, Inc.
> Senior Systems Programmer
> Hicksville, New York

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://ds9a.nl/2.4Routing/
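The thread ends with the fix but not with why only some sites broke. The model below is an added illustration, not code from the LARTC thread or from either poster. It assumes 20-byte IPv4 and TCP headers with no options, the usual PPPoE link MTU of 1492 (1500 minus 8 bytes of PPPoE/PPP overhead), an Ethernet MTU of 1500 on the crossover cable, and two constructed "sites" that differ only in whether their firewall lets the gateway's ICMP "fragmentation needed" message back to the server. With those assumptions it reproduces the symptom (the second box, advertising an Ethernet-sized MSS of 1460, hangs on servers that filter that ICMP, while the gateway and a box using `advmss 1452` reach both) and builds the `ip route` line that installs the clamp on the default route.

```python
"""PMTU blackhole model for the 'advmss' fix in the LARTC thread above.

Added illustration, not code from the thread. Assumptions: 20-byte IPv4 and
TCP headers with no options, a PPPoE link MTU of 1492, an Ethernet MTU of
1500 between the two boxes, and constructed sites that differ only in whether
ICMP "fragmentation needed" reaches the server.
"""

IP_HDR = 20        # IPv4 header without options (assumption)
TCP_HDR = 20       # TCP header without options (assumption)
ETH_MTU = 1500     # MTU of the crossover cable between the boxes
PPPOE_MTU = 1492   # assumption: the common PPPoE MTU, 1500 - 8


def advmss_for_mtu(link_mtu: int) -> int:
    """Largest TCP payload whose packet still fits a link of this MTU."""
    return link_mtu - IP_HDR - TCP_HDR


def ip_route_command(gateway: str, dev: str, link_mtu: int) -> str:
    """The 'ip route' line that pins the advertised MSS on the default route.

    With the thread's values (192.168.0.1, eth0, 1492) this yields the route
    Chris's 'ip route list' output shows on the second box.
    """
    return (f"ip route change default via {gateway} dev {dev} "
            f"advmss {advmss_for_mtu(link_mtu)}")


def segment_delivered(server_segment: int, client_mss: int,
                      path_mtu: int, icmp_reaches_server: bool) -> bool:
    """Does one DF-flagged data segment from a remote server reach the client?

    server_segment: payload the server would like to put in one segment.
    client_mss: MSS the client advertised in its SYN; TCP caps the payload here.
    path_mtu: smallest MTU on the path (the PPPoE link in this thread).
    icmp_reaches_server: whether the gateway's ICMP type 3 code 4 gets past
        the server's firewall, i.e. whether path MTU discovery can work.
    """
    payload = min(server_segment, client_mss)
    if payload + IP_HDR + TCP_HDR <= path_mtu:
        return True
    # Too big with DF set: the gateway drops it and sends ICMP "fragmentation
    # needed". If that reaches the server it retries smaller; if a firewall
    # eats it, the server keeps resending the same size and the transfer
    # hangs. That is the PMTU discovery blackhole.
    return icmp_reaches_server


# Constructed sites (not the ones named in the thread): value says whether the
# site's firewall lets ICMP "fragmentation needed" back to its web server.
SITES = {
    "site-passes-icmp": True,
    "site-filters-icmp": False,
}


def reachable_sites(client_mss: int) -> list[str]:
    """Sites whose full-size responses get through to a client advertising client_mss."""
    full_segment = advmss_for_mtu(ETH_MTU)   # what a 1500-MTU server wants to send
    return sorted(name for name, icmp_ok in SITES.items()
                  if segment_delivered(full_segment, client_mss, PPPOE_MTU, icmp_ok))


if __name__ == "__main__":
    # Second box before the fix: its Ethernet MTU drives a 1460-byte MSS.
    print("MSS 1460 reaches:", reachable_sites(advmss_for_mtu(ETH_MTU)))
    # The gateway itself, or the second box after 'advmss 1452'.
    print("MSS 1452 reaches:", reachable_sites(advmss_for_mtu(PPPOE_MTU)))
    print(ip_route_command("192.168.0.1", "eth0", PPPOE_MTU))
```

Two caveats a practitioner should keep in mind. `advmss` on a route only changes what that host advertises for TCP; UDP or other traffic behind the NAT box still depends on the ICMP path working, so the route tweak fixes the web sites, not every protocol. And the same clamp can be applied once on the gateway for every host behind it, which is what netfilter's TCPMSS target is for (`iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`); that is an alternative to the per-host route, not what the thread did.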