On Sat, 25 Oct 2003 17:01:54 GMT, Shadow_7 <(E-Mail Removed)> wrote:
> There seem to be a few sites that aren't nat-ing properly. But most
> sites do just fine. I can get to the site on the machine directly
> connected to the internet, but the remote machine just times out.
>
> distro: debian (sid)
> kernel: 2.4.23-pre7
> iptables: 1.2.8
>
> Actually it's a 2.4.21 + acpi patch for the NATing machine. Anyone seem
> to have this, or know how to fix it?
>
> known sites of nating handicap:
>
> westerndigital.com
> wwbw.com
> ...
>
> Shadow_7
No problems accessing those sites from LAN behind iptables firewall/masq,
so I am not sure what you mean by "aren't nat-ing properly".
Check output of: cat /proc/sys/net/ipv4/tcp_ecn
If that is 1, try setting it to zero (some web sites do not handle
excessive congestion notification properly).
Otherwise what is mtu of your ppp0 (maybe something is blocking mtu path
discovery)? If you are on dialup, this should NOT be a problem unless
something sets smaller than normal mtu. If ppp0 mtu is smaller than 1500,
try setting Linux LAN nic to same mtu as your ppp0 internet connection.
If you are actually on DSL, leave the nic to DSL modem at its default
1500, and just change LAN nic to match ppp0 mtu.
--
David Efflandt - All spam ignored
http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
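
The two checks suggested in the reply above (the `tcp_ecn` setting and the ppp0/LAN MTU comparison), as an added shell example that is not part of the original thread. It assumes MTUs can be read from `/sys/class/net`, which exists on 2.6 and later kernels (on the 2.4 kernel in the question, read them from `ifconfig` instead); `ROOT`, `read_knob`, `ecn_state`, `if_mtu` and `nat_check` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is a hypothetical override so the
# checks can run against a constructed directory tree; empty means live system.
ROOT="${ROOT:-}"

# Print the contents of a one-line kernel file, or "unknown" if unreadable.
read_knob() {
    if [ -r "$ROOT$1" ]; then cat "$ROOT$1"; else echo unknown; fi
}

ecn_state() { read_knob /proc/sys/net/ipv4/tcp_ecn; }
if_mtu()    { read_knob "/sys/class/net/$1/mtu"; }

# nat_check WAN_IF LAN_IF: print one line per finding, or "OK" if none.
nat_check() {
    wan_if=$1 lan_if=$2 findings=0
    ecn=$(ecn_state)
    if [ "$ecn" = 1 ]; then
        echo "ECN: tcp_ecn=1; try: echo 0 > /proc/sys/net/ipv4/tcp_ecn"
        findings=$((findings + 1))
    fi
    wan=$(if_mtu "$wan_if") lan=$(if_mtu "$lan_if")
    case "$wan$lan" in
        *unknown*)
            echo "MTU: could not read $wan_if=$wan $lan_if=$lan"
            findings=$((findings + 1)) ;;
        *)
            # Only a WAN MTU below 1500 with a differing LAN MTU is flagged.
            if [ "$wan" -lt 1500 ] && [ "$lan" -ne "$wan" ]; then
                echo "MTU: $wan_if=$wan $lan_if=$lan; try: ifconfig $lan_if mtu $wan"
                findings=$((findings + 1))
            fi ;;
    esac
    if [ "$findings" -eq 0 ]; then echo "OK"; fi
    return 0
}

# Run against the live system when given two interface names, e.g. ppp0 eth0.
if [ "$#" -eq 2 ]; then nat_check "$1" "$2"; fi
```

Run it on the NAT machine with the internet-facing interface first and the LAN interface second.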