NAT LAN Problem

Hi folks,
I have 2 computers sharing a DSL internet wire.

The computer with DSL runs NAT: (=1st computer, two eth, eth0, eth1)
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

I enter the ISP's DNS server IP Address into /etc/resolv.conf
of the other computer (=2nd computer)
The 2nd computer also has a default gw route to the
Private IP address of the 1st computer.

All web requensts run perfectly on the 1st computer
Some web requests run perfectly on the 2nd, but not all.
E.g.
www.google.de is okay
www.gmx.de doesn't work.

Why???
I appreciate your answers!!
Juergen

Hi Juergen,

you wrote:
> Some web requests run perfectly on the 2nd, but not all.

That is a typical problem with ICMP black holes created by misconfigured
firewalls protecting some web servers.

Add following iptables rule:
iptables -t mangle -A POSTROUTING -o ppp0 -p tcp \
--tcp-flags SYN,RST,ACK SYN -j TCPMSS --clamp-mss-to-pmtu


Michael

--
Linux@TekXpress
http://www-users.rwth-aachen.de/Mich...kxp/tekxp.html

lower MTU of the 2nd computer's network card to something like 1370

"Juergen Gerstacker" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hi folks,
> I have 2 computers sharing a DSL internet wire.
>
> The computer with DSL runs NAT: (=1st computer, two eth, eth0, eth1)
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> iptables -A FORWARD -i eth1 -j ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> I enter the ISP's DNS server IP Address into /etc/resolv.conf
> of the other computer (=2nd computer)
> The 2nd computer also has a default gw route to the
> Private IP address of the 1st computer.
>
> All web requensts run perfectly on the 1st computer
> Some web requests run perfectly on the 2nd, but not all.
> E.g.
> www.google.de is okay
> www.gmx.de doesn't work.
>
> Why???
> I appreciate your answers!!
> Juergen