Avishay Aton wrote: >my connection is with mtu=1452 and mtu=1452 >no errors and packet drops with my ifconfig -i. >Avishay > Not good enough. You need to actually reduce the MTU on the machines on the internal LAN, or apply an IP Tables rule that allows MSS rewriting. I have absolutely zero experience with the later, so if you want help from me, go for the former.
> > >----- Original Message ----- >From: "Sagi Bashari" <[EMAIL PROTECTED]> >To: "Avishay Aton" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> >Sent: Friday, November 16, 2001 9:17 PM >Subject: Re: Linux(2.4.x) and masqeurating > > >>Hi Avishay, >> >>Have you tried to reduce the MTU on the internal hosts to 1452? (see the >>bottom of the adsl howto if you don't know how). >> >>If you're using netfilter you can just use: 'iptables -A FORWARD -p tcp >>--tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu' instead. >> >>Sagi >> >> >>On Friday 16 November 2001 21:03, Avishay Aton wrote: >> >>>sure,everything works great from the router(linux/freebsd - i switch >>>between them) >>>but from the Lan , i can't get some sites(linuxtoday.com , >>>alcatel.com.....) >>>from snort ouput i can see the first stage of the connection(3 hand >>>shaking) ----- Original Message ----- >>>From: "Matan Ziv-Av" <[EMAIL PROTECTED]> >>>To: "Avishay Aton" <[EMAIL PROTECTED]> >>>Cc: <[EMAIL PROTECTED]> >>>Sent: Friday, November 16, 2001 8:32 PM >>>Subject: Re: Linux(2.4.x) and masqeurating >>> >>>>On Fri, 16 Nov 2001, Avishay Aton wrote: >>>> >>>>>Hi, >>>>>i connect to the net with pptp + adsl, and i use nat on my linux >>>>> >>>box(2.4.x) for other computers on >>> >>>>>my private network. >>>>>My nat rule is simple one: >>>>> >>>>>modprobe iptable_nat >>>>>modprobe ip_conntrack_ftp >>>>>iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE >>>>> >>>>> >>>>>I can get most of the sites , but for example www.linuxtoday.com >>>>> >dosn't > >>>work for me. >>> >>>>Does it work from the router itself? >>>>If not, it sounds like ECN problem. >>>> >>>> >>>>-- >>>>Matan Ziv-Av. [EMAIL PROTECTED] >>>> >>>================================================================= >>>To unsubscribe, send mail to [EMAIL PROTECTED] with >>>the word "unsubscribe" in the message body, e.g., run the command >>>echo unsubscribe | mail [EMAIL PROTECTED] >>> >>================================================================= >>To unsubscribe, send mail to [EMAIL PROTECTED] with >>the word "unsubscribe" in the message body, e.g., run the command >>echo unsubscribe | mail [EMAIL PROTECTED] >> >> > > >================================================================= >To unsubscribe, send mail to [EMAIL PROTECTED] with >the word "unsubscribe" in the message body, e.g., run the command >echo unsubscribe | mail [EMAIL PROTECTED] > > > ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
