
Reset connections when connecting to some websites.

 
 
alt.testing@gmail.com

 
      12-20-2006, 02:12 AM
Hi all I am trying to debug the following problem:
When I have PC users on the LAN try to connect to "*.myspace.com",
there is a long wait, followed by the remote host sending a RST, and
then even stranger, the NAT gateway here, pushes out a "private
address", to which the router just baulks (I would expect). Does anyone
have any suggestions as to what might be going on. There are a couple
of other issues with a handful of websites, but this is my starting
point of investigation. TIA

Any help would be greatly appreciated.

A layout and packet trace are below. Specs on systems at very bottom.

(internet "bigpond.com")---[linux f/w router, rp-pppoe]---[NAT gateway
"smeserver 7.0"]---LAN

* I can connect to the web site from the fw/router, no problem.
* I can't connect to web site from NAT gateway, same problem as PCs on
LAN.
* If I clear ALL of the firewall forward rules, and remove all tc
rules, still the same issue.
* Apple Mac users on the LAN, can connect no problem (BSD Network
Stack?)



08:23:59*adriana*~]# tcpdump -lt -i ppp0 src or dst myspace.com | sed -f /usr/local/sbin/alias_hosts
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
IP mercedes.domain.name.3807 > profile.myspace.com.http: S 2122816955:2122816955(0) win 65535 <mss 1460,nop,nop,sackOK>
IP profile.myspace.com.http > mercedes.domain.name.3807: S 1232998668:1232998668(0) ack 2122816956 win 8190 <mss 1460>
IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 1 win 65535
IP mercedes.domain.name.3807 > profile.myspace.com.http: . 1:1453(1452) ack 1 win 65535
IP mercedes.domain.name.3807 > profile.myspace.com.http: P 1453:1651(198) ack 1 win 65535
IP profile.myspace.com.http > mercedes.domain.name.3807: . ack 1651 win 65535
IP profile.myspace.com.http > mercedes.domain.name.3807: P 1:359(358) ack 1651 win 65535
IP profile.myspace.com.http > mercedes.domain.name.3807: P 7659:8693(1034) ack 1651 win 65535
IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 359 win 65177
IP profile.myspace.com.http > mercedes.domain.name.3792: R 3780521494:3780521494(0) win 9700
IP mercedes.domain.name.3792 > profile.myspace.com.http: . ack 3780518574 win 65127
IP 192.168.1.194.3767 > profile.myspace.com.http: F 2416400228:2416400228(0) ack 1010363638 win 65127
IP profile.myspace.com.http > mercedes.domain.name.3805: R 1924194245:1924194245(0) win 9301
IP mercedes.domain.name.3767 > profile.myspace.com.http: . 2416400227:2416400228(1) ack 1010363638 win 65127
IP profile.myspace.com.http > mercedes.domain.name.3767: R 1010363638:1010363638(0) win 8201
IP profile.myspace.com.http > mercedes.domain.name.3807: R 1233007361:1233007361(0) win 9300
IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 359 win 65177

=============================================================

NAT GATEWAY: "SME SERVER 7.0"
Linux mercedes 2.6.9-42.ELsmp #1 SMP


[root@mercedes ~]# iptables -n -L
Chain INPUT (policy DROP)
target prot opt source destination
state_chk all -- 0.0.0.0/0 0.0.0.0/0
local_chk all -- 0.0.0.0/0 0.0.0.0/0
PPPconn all -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 224.0.0.0/4 0.0.0.0/0
denylog all -- 0.0.0.0/0 224.0.0.0/4
InboundICMP icmp -- 0.0.0.0/0 0.0.0.0/0
denylog icmp -- 0.0.0.0/0 0.0.0.0/0
InboundTCP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x16/0x02
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x16/0x02
InboundUDP udp -- 0.0.0.0/0 0.0.0.0/0
denylog udp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
spts:67:68
gre-in 47 -- 0.0.0.0/0 0.0.0.0/0
denylog 47 -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
state_chk all -- 0.0.0.0/0 0.0.0.0/0
local_chk all -- 0.0.0.0/0 0.0.0.0/0
ForwardedTCP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x16/0x02
ForwardedUDP udp -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PPPconn all -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 224.0.0.0/4 0.0.0.0/0
denylog all -- 0.0.0.0/0 224.0.0.0/4
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain ForwardedTCP (1 references)
target prot opt source destination
ForwardedTCP_3155 all -- 0.0.0.0/0 0.0.0.0/0
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x16/0x02

Chain ForwardedTCP_3155 (1 references)
target prot opt source destination

Chain ForwardedUDP (1 references)
target prot opt source destination
ForwardedUDP_3155 all -- 0.0.0.0/0 0.0.0.0/0
denylog udp -- 0.0.0.0/0 0.0.0.0/0

Chain ForwardedUDP_3155 (1 references)
target prot opt source destination

Chain InboundICMP (1 references)
target prot opt source destination
InboundICMP_3155 all -- 0.0.0.0/0 0.0.0.0/0
denylog icmp -- 0.0.0.0/0 0.0.0.0/0

Chain InboundICMP_3155 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
12
denylog all -- 0.0.0.0/0 0.0.0.0/0

Chain InboundTCP (1 references)
target prot opt source destination
InboundTCP_3155 all -- 0.0.0.0/0 0.0.0.0/0
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x16/0x02

Chain InboundTCP_3155 (1 references)
target prot opt source destination
denylog all -- 0.0.0.0/0 !203.37.109.50
REJECT tcp -- 0.0.0.0/0 203.37.109.50 tcp
dpt:113 reject-with tcp-reset
ACCEPT tcp -- 0.0.0.0/0 203.37.109.50 tcp dpt:22

ACCEPT tcp -- 0.0.0.0/0 203.37.109.50 tcp dpt:25

ACCEPT tcp -- 0.0.0.0/0 203.37.109.50 tcp
dpt:443
ACCEPT tcp -- 0.0.0.0/0 203.37.109.50 tcp
dpt:465
ACCEPT tcp -- 0.0.0.0/0 203.37.109.50 tcp dpt:80


Chain InboundUDP (1 references)
target prot opt source destination
InboundUDP_3155 all -- 0.0.0.0/0 0.0.0.0/0
denylog udp -- 0.0.0.0/0 0.0.0.0/0

Chain InboundUDP_3155 (1 references)
target prot opt source destination
denylog all -- 0.0.0.0/0 !203.37.109.50

Chain PPPconn (2 references)
target prot opt source destination
PPPconn_1 all -- 0.0.0.0/0 0.0.0.0/0

Chain PPPconn_1 (1 references)
target prot opt source destination

Chain denylog (20 references)
target prot opt source destination
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpts:137:139
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpts:137:139
ULOG all -- 0.0.0.0/0 0.0.0.0/0 ULOG
copy_range 0 nlgroup 1 prefix `denylog:' queue_threshold 1
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain gre-in (1 references)
target prot opt source destination
denylog all -- 0.0.0.0/0 !203.37.109.50
denylog all -- 0.0.0.0/0 0.0.0.0/0

Chain local_chk (2 references)
target prot opt source destination
local_chk_3155 all -- 0.0.0.0/0 0.0.0.0/0

Chain local_chk_3155 (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.1.0/24 0.0.0.0/0
ACCEPT all -- 192.168.2.0/24 0.0.0.0/0

Chain state_chk (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
[root@mercedes ~]# iptables -n -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PortForwarding all -- 0.0.0.0/0 0.0.0.0/0
SMTPProxy tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

TransProxy tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpt:80

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
PostroutingOutbound all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain PortForwarding (1 references)
target prot opt source destination
PortForwarding_3155 all -- 0.0.0.0/0 203.37.109.50

Chain PortForwarding_3155 (1 references)
target prot opt source destination

Chain PostroutingOutbound (1 references)
target prot opt source destination
ACCEPT all -- 203.37.109.50 0.0.0.0/0
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0

Chain SMTPProxy (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 127.0.0.1
ACCEPT all -- 0.0.0.0/0 192.168.1.1
ACCEPT all -- 0.0.0.0/0 203.37.109.50
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0
to:192.168.1.1:25

Chain TransProxy (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 127.0.0.1
ACCEPT all -- 0.0.0.0/0 192.168.1.1
ACCEPT all -- 0.0.0.0/0 203.37.109.50
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0




=============================================================


FW/ROUTER: 2.6.18, with tc traffic shaping, and iptables.

[11:00:32*adriana*sbin]# iptables -n -L | less
Chain INPUT (policy DROP)
target prot opt source destination
INPUT_BLACKLIST all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:!0x16/0x02 state NEW
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x3F/0x00
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x03/0x03
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x06/0x06
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x05/0x05
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x11/0x01
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x30/0x20
REJECT all -- 0.0.0.0/0 224.0.0.0/4
reject-with icmp-port-unreachable
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
8 limit: avg 1/sec burst 5
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
8
ACCEPT tcp -- 203.37.109.48/28 0.0.0.0/0 tcp dpt:22

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
limit: avg 1/min burst 2
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg
150/min burst 280
DROP udp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 203.37.109.48/28 0.0.0.0/0 tcp dpt:80

ACCEPT tcp -- 203.37.109.48/28 0.0.0.0/0 tcp
dpt:3000

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
BLACKLIST all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 203.37.109.51 tcp dpt:22

ACCEPT tcp -- 0.0.0.0/0 203.37.109.51 tcp dpt:80

DROP all -- 0.0.0.0/0 203.37.109.49
DROP tcp -- !203.37.109.48/28 203.37.109.50 tcp dpt:22

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
limit: avg 1/min burst 2
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x16/0x02 limit: avg 10/min burst 20
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x16/0x02
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
8 limit: avg 20/min burst 5
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
8

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW

Chain BLACKLIST (1 references)
target prot opt source destination
DROP all -- 124.115.33.0/24 0.0.0.0/0
DROP all -- 124.5.62.0/24 0.0.0.0/0
DROP all -- 128.93.20.0/24 0.0.0.0/0
[SNIP]

 
 
 
 
 
Clifford Kite

 
      12-20-2006, 03:39 AM
(E-Mail Removed) wrote:
> Hi all I am trying to debug the following problem:
> When I have PC users on the LAN try to connect to "*.myspace.com",
> there is a long wait, followed by the remote host sending a RST, and
> then even stranger, the NAT gateway here, pushes out a "private
> address", to which the router just baulks (I would expect). Does anyone
> have any suggestions as to what might be going on. There are a couple
> of other issues with a handful of websites, but this is my starting
> point of investigation. TIA


> Any help would be greatly appreciated.


> A layout and packet trace are below. Specs on systems at very bottom.


> (internet "bigpond.com")---[linux f/w router, rp-pppoe]---[NAT gateway
> "smeserver 7.0"]---LAN
                                                ^^^^^^^^


PPPoEvil

> * I can connect to the web site from the fw/router, no problem.
> * I can't connect to web site from NAT gateway, same problem as PCs on
> LAN.
> * If I clear ALL of the firewall forward rules, and remove all tc
> rules, still the same issue.
> * Apple Mac users on the LAN, can connect no problem (BSD Network
> Stack?)


> 08:23:59*adriana*~]# tcpdump -lt -i ppp0 src or dst myspace.com | sed
> -f /usr/local/sbin/alias_hosts
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96
> bytes
> IP mercedes.domain.name.3807 > profile.myspace.com.http: S
> 2122816955:2122816955(0) win 65535 <mss 1460,nop,nop,sackOK>
> IP profile.myspace.com.http > mercedes.domain.name.3807: S
> 1232998668:1232998668(0) ack 2122816956 win 8190 <mss 1460>
> IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 1 win
> 65535
> IP mercedes.domain.name.3807 > profile.myspace.com.http: . 1:1453(1452)
> ack 1 win 65535


1452=1460-8=1500-40-8

I suspect that PMTU Discovery by most hosts behind the fw/router fails
due to NATing and a PPP interface MTU of 1492. Try changing the MTUs on
all non-Apple NAT'ed hosts to 1492, or search for TCPMSS in "man iptables"
for a different approach.

--
Clifford Kite
/* "They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." Benjamin Franklin */
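
An added illustration of the diagnosis above (not code posted by anyone in the thread): a Python check over tcpdump text that flags a SYN whose MSS cannot fit the 1492-byte PPP MTU and any gap in a stream's sequence numbers. The function name and the 40-byte header allowance are this example's assumptions; the sample lines are the port-3807 lines of the first trace, re-joined onto single lines.

```python
import re

# Old-style tcpdump text output, with or without a leading timestamp.
LINE = re.compile(
    r"^(?:\d\d:\d\d:\d\d\.\d+ )?IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+)"
    r"(?: (?P<start>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?: ack \d+)? win \d+(?: <(?P<opts>[^>]*)>)?"
)

def find_pmtu_symptoms(lines, link_mtu, overhead=40):
    """Return oversized-MSS and sequence-gap findings for one capture."""
    max_mss = link_mtu - overhead  # assumed: 20-byte IPv4 + 20-byte TCP header
    syn_mss = {}   # (src, dst) -> MSS that src advertised in its SYN
    expected = {}  # (src, dst) -> next relative sequence number from src
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        flow = (m["src"], m["dst"])
        if "S" in m["flags"]:
            mss = re.search(r"mss (\d+)", m["opts"] or "")
            if mss:
                syn_mss[flow] = int(mss.group(1))
                if syn_mss[flow] > max_mss:
                    findings.append({"kind": "oversized_mss", "flow": flow,
                                     "mss": syn_mss[flow], "max_mss": max_mss})
            expected[flow] = 1  # tcpdump prints relative numbers after the SYN
            continue
        # Skip segments without payload, and flows whose SYN was not captured
        # (their sequence numbers are absolute and cannot be compared).
        if m["start"] is None or int(m["len"]) == 0 or flow not in expected:
            continue
        start, end = int(m["start"]), int(m["end"])
        if start > expected[flow]:
            missing = start - expected[flow]
            # A sender sizes its segments to the MSS its peer advertised.
            peer_mss = syn_mss.get((flow[1], flow[0]))
            whole = peer_mss and missing % peer_mss == 0
            findings.append({"kind": "hole", "flow": flow,
                             "missing_bytes": missing,
                             "full_segments": missing // peer_mss if whole else None})
        else:
            expected[flow] = max(expected[flow], end)
    return findings

# Port-3807 lines of the first trace in the thread, re-joined onto single lines.
TRACE = """\
IP mercedes.domain.name.3807 > profile.myspace.com.http: S 2122816955:2122816955(0) win 65535 <mss 1460,nop,nop,sackOK>
IP profile.myspace.com.http > mercedes.domain.name.3807: S 1232998668:1232998668(0) ack 2122816956 win 8190 <mss 1460>
IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 1 win 65535
IP mercedes.domain.name.3807 > profile.myspace.com.http: . 1:1453(1452) ack 1 win 65535
IP mercedes.domain.name.3807 > profile.myspace.com.http: P 1453:1651(198) ack 1 win 65535
IP profile.myspace.com.http > mercedes.domain.name.3807: . ack 1651 win 65535
IP profile.myspace.com.http > mercedes.domain.name.3807: P 1:359(358) ack 1651 win 65535
IP profile.myspace.com.http > mercedes.domain.name.3807: P 7659:8693(1034) ack 1651 win 65535
IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 359 win 65177
""".splitlines()

if __name__ == "__main__":
    for finding in find_pmtu_symptoms(TRACE, link_mtu=1492):
        print(finding)
```

On that sample it reports MSS 1460 against a ceiling of 1452, and a 7300-byte gap in the server's stream, which is exactly five 1460-byte segments: the full-size packets never arrived while the smaller ones did. The TCPMSS target also has a `--clamp-mss-to-pmtu` option that derives the ceiling from the route's MTU instead of taking a fixed `--set-mss` value.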

 
 
WRX

 
      12-20-2006, 05:56 AM
On Tue, 19 Dec 2006 22:39:13 -0600, Clifford Kite
<(E-Mail Removed)> wrote:

>(E-Mail Removed) wrote:
>> Hi all I am trying to debug the following problem:
>> When I have PC users on the LAN try to connect to "*.myspace.com",
>> there is a long wait, followed by the remote host sending a RST, and
>> then even stranger, the NAT gateway here, pushes out a "private
>> address", to which the router just baulks (I would expect). Does anyone
>> have any suggestions as to what might be going on. There are a couple
>> of other issues with a handful of websites, but this is my starting
>> point of investigation. TIA

>
>> Any help would be greatly appreciated.

>
>> A layout and packet trace are below. Specs on systems at very bottom.

>
>> (internet "bigpond.com")---[linux f/w router, rp-pppoe]---[NAT gateway
>> "smeserver 7.0"]---LAN
>                                                ^^^^^^^^

>
>PPPoEvil
>
>> * I can connect to the web site from the fw/router, no problem.
>> * I can't connect to web site from NAT gateway, same problem as PCs on
>> LAN.
>> * If I clear ALL of the firewall forward rules, and remove all tc
>> rules, still the same issue.
>> * Apple Mac users on the LAN, can connect no problem (BSD Network
>> Stack?)

>
>> 08:23:59*adriana*~]# tcpdump -lt -i ppp0 src or dst myspace.com | sed
>> -f /usr/local/sbin/alias_hosts
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>> decode
>> listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96
>> bytes
>> IP mercedes.domain.name.3807 > profile.myspace.com.http: S
>> 2122816955:2122816955(0) win 65535 <mss 1460,nop,nop,sackOK>
>> IP profile.myspace.com.http > mercedes.domain.name.3807: S
>> 1232998668:1232998668(0) ack 2122816956 win 8190 <mss 1460>
>> IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 1 win
>> 65535
>> IP mercedes.domain.name.3807 > profile.myspace.com.http: . 1:1453(1452)
>> ack 1 win 65535

>
>1452=1460-8=1500-40-8
>
>I suspect that PMTU Discovery by most hosts behind the fw/router fails
>due to NATing and a PPP interface MTU of 1492. Try changing the MTUs on
>all non-Apple NAT'ed hosts to 1492,



No joy. I have tried this approach before.


> or search for TCPMSS in "man iptables"
>for a different approach.



Okay, following that good advice, I'm getting there:

$ iptables -t mangle -I POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1492

$ ifconfig eth0 mtu 1492; ifconfig eth1 mtu 1492

I can now connect from the NAT gateway,
but still can't connect from workstations behind the gateway...

I will keep working at it following your suggested methodology for
the time being. Thanks.




tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
14:46:48.544028 IP 192.168.1.194.2812 > profile.myspace.com.http: F 1012380934:1012380934(0) ack 2178749501 win 65219
14:46:50.923186 IP mercedes.domain.name.2848 > profile.myspace.com.http: S 1923531304:1923531304(0) win 65535 <mss 1460,nop,nop,sackOK>
14:46:51.058868 IP 192.168.1.194.2812 > profile.myspace.com.http: F 0:0(0) ack 1 win 65219
14:46:51.100638 IP profile.myspace.com.http > mercedes.domain.name.2848: S 1031673304:1031673304(0) ack 1923531305 win 8190 <mss 1460>
14:46:51.100912 IP mercedes.domain.name.2848 > profile.myspace.com.http: . ack 1 win 65535
14:46:51.101172 IP mercedes.domain.name.2848 > profile.myspace.com.http: . 1:1453(1452) ack 1 win 65535
14:46:51.542166 IP profile.myspace.com.http > mercedes.domain.name.2848: . ack 1453 win 8190
14:46:51.741539 IP mercedes.domain.name.2848 > profile.myspace.com.http: P 1453:1659(206) ack 1 win 65535
14:46:51.927609 IP profile.myspace.com.http > mercedes.domain.name.2848: . ack 1659 win 65535
14:46:52.050184 IP profile.myspace.com.http > mercedes.domain.name.2848: P 1:290(289) ack 1659 win 65535
14:46:52.165205 IP mercedes.domain.name.2848 > profile.myspace.com.http: . ack 290 win 65246
14:46:53.661947 IP mercedes.domain.name.2848 > profile.myspace.com.http: F 1659:1659(0) ack 290 win 65246
14:46:55.972351 IP mercedes.domain.name.2849 > profile.myspace.com.http: S 3096117072:3096117072(0) win 65535 <mss 1460,nop,nop,sackOK>
14:46:56.150304 IP profile.myspace.com.http > mercedes.domain.name.2849: S 3780395770:3780395770(0) ack 3096117073 win 8190 <mss 1460>
14:46:56.150592 IP mercedes.domain.name.2849 > profile.myspace.com.http: . ack 1 win 65535
14:46:56.150821 IP mercedes.domain.name.2849 > profile.myspace.com.http: . 1:1453(1452) ack 1 win 65535
14:46:56.150839 IP mercedes.domain.name.2849 > profile.myspace.com.http: P 1453:1659(206) ack 1 win 65535
14:46:56.288794 IP 192.168.1.194.2812 > profile.myspace.com.http: F 0:0(0) ack 1 win 65219
14:46:56.389372 IP mercedes.domain.name.2848 > profile.myspace.com.http: F 1659:1659(0) ack 290 win 65246
14:46:56.391763 IP profile.myspace.com.http > mercedes.domain.name.2849: . ack 1659 win 65535
14:46:56.404502 IP profile.myspace.com.http > mercedes.domain.name.2849: P 1:317(316) ack 1659 win 65535
14:46:56.415245 IP profile.myspace.com.http > mercedes.domain.name.2849: P 9077:10171(1094) ack 1659 win 65535
14:46:56.415656 IP mercedes.domain.name.2849 > profile.myspace.com.http: . ack 317 win 65219
14:46:56.566889 IP profile.myspace.com.http > mercedes.domain.name.2848: . ack 1660 win 65535
14:46:58.503476 IP mercedes.domain.name.2849 > profile.myspace.com.http: F 1659:1659(0) ack 317 win 65219
14:46:58.682346 IP profile.myspace.com.http > mercedes.domain.name.2849: . ack 1660 win 65535
14:47:01.353472 IP mercedes.domain.name.2850 > profile.myspace.com.http: S 1836297827:1836297827(0) win 65535 <mss 1460,nop,nop,sackOK>
14:47:01.531621 IP profile.myspace.com.http > mercedes.domain.name.2850: S 1725289433:1725289433(0) ack 1836297828 win 8190 <mss 1460>
14:47:01.531805 IP mercedes.domain.name.2850 > profile.myspace.com.http: . ack 1 win 65535
14:47:01.532143 IP mercedes.domain.name.2850 > profile.myspace.com.http: . 1:1453(1452) ack 1 win 65535
14:47:01.532161 IP mercedes.domain.name.2850 > profile.myspace.com.http: P 1453:1659(206) ack 1 win 65535
14:47:01.775720 IP profile.myspace.com.http > mercedes.domain.name.2850: . ack 1659 win 65535
14:47:01.813618 IP profile.myspace.com.http > mercedes.domain.name.2850: P 1:267(266) ack 1659 win 65535
14:47:01.821451 IP mercedes.domain.name.2850 > profile.myspace.com.http: . ack 267 win 65269
14:47:01.823365 IP profile.myspace.com.http > mercedes.domain.name.2850: P 9027:10127(1100) ack 1659 win 65535
14:47:01.823785 IP mercedes.domain.name.2850 > profile.myspace.com.http: . ack 267 win 65269
14:47:04.334611 IP mercedes.domain.name.2850 > profile.myspace.com.http: F 1659:1659(0) ack 267 win 65269
14:47:05.256091 IP mercedes.domain.name.2851 > profile.myspace.com.http: S 968725927:968725927(0) win 65535 <mss 1460,nop,nop,sackOK>

 
 
WRX

 
      12-20-2006, 07:05 AM

>
>$ iptables -t mangle -I POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1492
>



changed "-o eth0" TO "-o ppp0" (doh!), and all is swell.

Big thanks mate. Owe you a beer.


 