Thanks for the advice. It looks like I'll be at this for a while... if I can't make any headway with it, I'll ask for more help.

Thanks again,
da

On Tue, 16 Nov 2004 03:11:38 -0600, Yusuf <[EMAIL PROTECTED]> wrote:
> Your firewall rules look, uh, ugly, meaning, not meant for human eyes.
> You should try to isolate your problem from bottom to top:
>
> Try a minimalistic firewall. Just for testing, of course, as this is
> totally insecure:
>
> # Clear all rules
> /sbin/iptables -F; /sbin/iptables -t nat -F; /sbin/iptables -t mangle -F
>
> # Enable Masquerading
> echo 1 > /proc/sys/net/ipv4/ip_forward
> /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> If this solves your problems, then you should think about changing
> firehol, making the firewall by hand (but with the great help of
> fwbuilder), or (yuck!) trying to "debug" your current firehol rules.
>
> They are messing with the maximum segment size:
>
> YN tcpmss match 1400:1536 TCPMSS clamp to PMTU
>
> trying to divide oversized packets to the maximum transmission unit.
> The MTU is traditionally a source of metaphysical and NAT troubles.
>
> The problem could also probably come from your connection settings. Try
> different connections. You are over "fiver"? Try a dial-up for a change.
>
> DSL? Then maybe the aforementioned clamp is clashing with the one
> provided by pppoe. Check the config in
> /etc/ppp/providers/<your-config>. Watch for the syndrome of the Roaring
> Penguin: a few weeks ago my router suddenly stopped NATing, the only
> clue being an obscure cry in /var/log/messages:
>
> Sep 24 19:45:48 severo pppd[1770]: Couldn't increase MTU to 1500
>
> The dreaded MTU had struck again! Well, more or less. The problem
> resulted from the inclusion of the rp-pppoe.so plugin in my DSL config
> after an update of pppoeconf. Or so I believe.
>
> Anyway, keep isolating the problem, using different frontends, configs,
> connections, machines, religions, whatever, until you corner it in its
> obscure burrow, and then, and then...!
>
> I have never recommended or performed a Linux reinstall because of
> "soft" troubles (except that time when the filesystem went on vacation),
> but there is always that option: partial or full reinstallation, quite
> like in the ol' winbugs days. But much cleaner and quicker, of course.
>
> Good luck. You'll need it ;-)
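
Added example, not part of the original messages: a small POSIX shell check for the two symptoms the quoted reply mentions, a TCPMSS clamp in the rule set and pppd's "Couldn't increase MTU" log line. The function names and all sample input are constructed for illustration; the `iptables-save` rule is an assumed equivalent of the quoted `tcpmss match 1400:1536 TCPMSS clamp to PMTU` listing line.

```shell
#!/bin/sh
# Constructed iptables-save excerpt: one MSS clamp plus the masquerade rule.
sample_rules() {
cat <<'EOF'
*mangle
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

# Constructed syslog excerpt around the pppd message quoted in the thread.
sample_log() {
cat <<'EOF'
Sep 24 19:45:40 severo pppd[1770]: Plugin rp-pppoe.so loaded.
Sep 24 19:45:48 severo pppd[1770]: Couldn't increase MTU to 1500
Sep 24 19:45:49 severo pppd[1770]: Connect: ppp0 <--> eth1
EOF
}

# Count rules that rewrite the MSS (stdin: iptables-save output).
count_mss_clamps() { grep -c -e '-j TCPMSS' || true; }

# Print each MTU that pppd reported it could not set (stdin: syslog lines).
mtu_failures() {
    sed -n "s/.*pppd\[[0-9]*]: Couldn't increase MTU to \([0-9][0-9]*\).*/\1/p" | sort -un
}

# Largest TCP payload for an IPv4 link MTU, assuming 20-byte IP and TCP headers (no options).
mss_for_mtu() { echo $(( $1 - 40 )); }

# Summarise both inputs; $1 = rules file, $2 = log file.
diagnose() {
    clamps=$(count_mss_clamps < "$1")
    failed=$(mtu_failures < "$2" | tr '\n' ' ')
    failed=${failed% }
    if [ "$clamps" -gt 0 ] && [ -n "$failed" ]; then
        echo "check: $clamps TCPMSS rule(s) active and pppd could not set MTU $failed"
    elif [ -n "$failed" ]; then
        echo "check: pppd could not set MTU $failed"
    elif [ "$clamps" -gt 0 ]; then
        echo "info: $clamps TCPMSS rule(s) active, no pppd MTU errors logged"
    else
        echo "ok: no MSS clamp and no pppd MTU errors"
    fi
}
```

On a real router, save the output of `iptables-save` to a file and pass it to `diagnose` together with `/var/log/messages`. `mss_for_mtu 1492` gives the MSS that fits a typical PPPoE link, where 8 bytes of each 1500-byte Ethernet frame go to the PPPoE header.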