On 10/12/2019 at 00:01, Nektarios Katakis wrote:
I am running an iptables firewall on an openwrt router I've got, which acts as firewall/gateway and performs NATing for my internal network - debian PCs and android phones. All good, but specific web sites are not loading for the machines that are sitting behind the home router.

When attempting in the browser (firefox, but tried different ones) the browser stays at `Performing a TLS handshake to bitbucket.org`. wget has similar results:

```
wget https://bitbucket.org
--2019-12-09 22:07:32--  https://bitbucket.org/
Resolving bitbucket.org (bitbucket.org)... 18.205.93.0, 18.205.93.1, 18.205.93.2, ...
Connecting to bitbucket.org (bitbucket.org)|18.205.93.0|:443... connected.
```

When doing a tcpdump on the router side I can see some initial TCP session establishment and then nothing:
(...)
Of course doing a wget from the router itself works fine as it also works fine on my desktop if I do dynamic port-forwarding with eg. `ssh -D 1050 router` (and configure of course firefox to use it).
Maybe a "MTU black hole" issue with PPPoE. Workarounds:

- lower the MTU on the client side to 1492
- add a "TCPMSS --clamp-to-pmtu" iptables rule on the router
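
An added example, not part of the messages above: a read-only check over `tcpdump -n` text that lists SYNs whose advertised MSS is larger than a given WAN MTU can carry (MTU minus 40 bytes of IPv4 and TCP headers), which shows whether MSS clamping is in effect on the router. The function names, LAN addresses and capture lines are constructed for illustration; in iptables-extensions the TCPMSS option is spelled `--clamp-mss-to-pmtu`.

```shell
#!/bin/sh
# Added example: find SYNs whose advertised MSS cannot fit the WAN path MTU.
# Fix on the router (needs root, so only shown here as a comment):
#   iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
#            -j TCPMSS --clamp-mss-to-pmtu

# Largest IPv4 TCP payload per packet: MTU - 20 (IP header) - 20 (TCP header).
max_mss() {
    echo $(( $1 - 40 ))
}

# stdin: `tcpdump -n` text lines; $1: WAN MTU (1492 for PPPoE).
# Prints "src > dst mss N" for each SYN or SYN-ACK with MSS above max_mss.
oversized_syns() {
    limit=$(max_mss "$1")
    awk -v limit="$limit" '
        /Flags \[S\.?\]/ && match($0, /mss [0-9]+/) {
            mss = substr($0, RSTART + 4, RLENGTH - 4) + 0
            if (mss > limit) {
                dst = $5
                sub(/:$/, "", dst)      # drop the colon tcpdump puts after dst
                print $3, ">", dst, "mss", mss
            }
        }'
}

# Constructed capture (hypothetical LAN hosts): one unclamped flow, one clamped.
sample_capture() {
    cat <<'EOF'
22:07:32.100000 IP 192.168.1.10.51514 > 18.205.93.0.443: Flags [S], seq 1000, win 64240, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
22:07:32.190000 IP 18.205.93.0.443 > 192.168.1.10.51514: Flags [S.], seq 2000, ack 1001, win 26847, options [mss 1460,sackOK,TS val 2 ecr 1,nop,wscale 8], length 0
22:07:32.191000 IP 192.168.1.10.51514 > 18.205.93.0.443: Flags [.], ack 1, win 502, length 0
22:07:32.195000 IP 192.168.1.10.51514 > 18.205.93.0.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
22:07:40.000000 IP 192.168.1.11.40000 > 18.205.93.1.443: Flags [S], seq 3000, win 64240, options [mss 1452,sackOK,nop,wscale 7], length 0
EOF
}

# Demo run: both directions of the first flow are reported, the second is not.
sample_capture | oversized_syns 1492
```

On a live router the same function can read `tcpdump -n` output captured on the LAN interface; once clamping works, SYNs forwarded over the PPPoE link should carry an MSS of 1452 or less.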