weird centos router problem

Hi

I have centos based router machine (iptables, bind, dhcp) that is connected
to ADSL line. Everything was pretty smooth until i changed ADSL provider in
my country...well after changing username and password for new ISP some 60%
of web pages is reachable in my browser and other 40% the browser cant
locate. Everything is setup nice and the way it is suposed to.
one other thing is that when i installed squid an putted my clients to use
proxy all pages started to work. How can that be...

ip forwarding is on --->> net.ipv4.ip_forward = 1

nslookup on client machine is resolving ip address for www.example.com but
browser cant open it!!! how can that be??

IPTABLES SAMPLE
# Generated by iptables-save v1.2.11 on Sat Aug 6 22:36:13 2005
*filter
:INPUT ACCEPT [107:7400]
:FORWARD ACCEPT [9:432]
:OUTPUT ACCEPT [73:6692]
:RH-Firewall-1-INPUT - [0:0]
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 80 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j
ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j
ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j
ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j
ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j
ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j
ACCEPT
COMMIT
# Completed on Sat Aug 6 22:36:13 2005
# Generated by iptables-save v1.2.11 on Sat Aug 6 22:36:13 2005
*nat
:PREROUTING ACCEPT [10:524]
:POSTROUTING ACCEPT [1:92]
:OUTPUT ACCEPT [2:132]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sat Aug 6 22:36:13 2005
# Generated by iptables-save v1.2.11 on Sat Aug 6 22:36:13 2005
*mangle
:PREROUTING ACCEPT [270:15315]
:INPUT ACCEPT [107:7400]
:FORWARD ACCEPT [163:7915]
:OUTPUT ACCEPT [73:6692]
:POSTROUTING ACCEPT [236:14607]
COMMIT

Damn i am confused oO please help guys

WizardofOS wrote:
> Hi
....
> Damn i am confused oO please help guys

This often helps with forwarding by ppp:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
--clamp-mss-to-pmtu

Jarek P.

PS: Your firewall isn't blocking anything with current rules.