Well, someone on the Gentoo forums assisted me, or more so guided me, to the
following links:
Someone enlightened me to the following:
http://redvip.homelinux.net/varios/2.4routing/x1807.html
http://redvip.homelinux.net/varios/2.4routing/x1834.html
http://www.e-infomax.com/ipmasq/howto/c-html/mtu-issues.html

So it would seem the fix (hack) is this:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

On 6/14/05, Ryan Viljoen <[EMAIL PROTECTED]> wrote:
> Ok I have got an old P1 with gentoo 2005.0 installed. I am trying to
> get the internet shared so that the rest of the clients can use it.
> The only service of interest will be the rp-pppoe that runs at startup
> to bring up the connection. The server's hostname is o_O and all output
> shown is from the server.
> 
> Here is the output of ifconfig to show the current config on the server:
> Quote:
> ---------------------------------------------------------------------------------------------------------
> o_O init.d # ifconfig
> eth0 Link encap:Ethernet HWaddr 00:08:A1:62:9A:F1
> inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:10567 errors:0 dropped:0 overruns:0 frame:0
> TX packets:7595 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:901621 (880.4 Kb) TX bytes:1662568 (1.5 Mb)
> Interrupt:10 Base address:0xf800
> 
> eth1 Link encap:Ethernet HWaddr 00:06:4F:13:B2:08
> inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:4910 errors:0 dropped:0 overruns:0 frame:0
> TX packets:4353 errors:0 dropped:0 overruns:0 carrier:0
> collisions:2 txqueuelen:1000
> RX bytes:4297824 (4.0 Mb) TX bytes:356396 (348.0 Kb)
> Interrupt:5 Base address:0xf400
> 
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:196.2.118.206 P-t-P:196.30.31.100 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1432 Metric:1
> RX packets:1943 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1700 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3
> RX bytes:1485225 (1.4 Mb) TX bytes:112456 (109.8 Kb)
> 
> o_O init.d #
> ---------------------------------------------------------------------------------------------------------
> Where:
> eth0 is the lan connection
> eth1 connects to the iburst modem
> 
> I started off with a simple iptables script to just get nat working
> without any firewall action:
> Code:
> ---------------------------------------------------------------------------------------------------------
> iptables --flush
> iptables --table nat --flush
> iptables --delete-chain
> iptables --table nat --delete-chain
> 
> # Set up IP FORWARDing and MASQUERADING
> iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
> iptables --append FORWARD --in-interface eth0 -j ACCEPT
> 
> echo 1 > /proc/sys/net/ipv4/ip_forward
> ---------------------------------------------------------------------------------------------------------
> Yes, I know that there is a quicker way of typing it out, but this is to
> make sure I can see clearly what is going on.
> 
> Now that you know what is going on here is the problem at hand.
> - I can browse quite happily and ping sites on the server without a
> problem, the server gets the DNS info when logging on.
> - I can ping websites quite happily from the client PCs, the clients
> have their DNS set to a DNS server that works (I use it when using the
> connection shared through windows :()
> - I can't browse the web on the client PCs
> - I can't connect to IRC on the client PCs, it identifies the servers
> but doesn't get any further.
> 
> Well I think I have covered just about all the information that I can't find.
> 
> Now for information on the iptables set:
> Quote:
> ---------------------------------------------------------------------------------------------------------
> o_O / # iptables -v -L
> Chain INPUT (policy ACCEPT 14886 packets, 4826K bytes)
> pkts bytes target prot opt in out source destination
> 
> Chain FORWARD (policy ACCEPT 859 packets, 131K bytes)
> pkts bytes target prot opt in out source destination
> 270 27023 ACCEPT all -- eth0 any anywhere anywhere
> 
> Chain OUTPUT (policy ACCEPT 11076 packets, 1735K bytes)
> pkts bytes target prot opt in out source destination
> o_O / #
> ---------------------------------------------------------------------------------------------------------
> and
> Quote:
> ---------------------------------------------------------------------------------------------------------
> o_O / # iptables -t nat -v -L
> Chain PREROUTING (policy ACCEPT 996 packets, 67535 bytes)
> pkts bytes target prot opt in out source destination
> 
> Chain POSTROUTING (policy ACCEPT 91 packets, 5295 bytes)
> pkts bytes target prot opt in out source destination
> 103 7639 MASQUERADE all -- any ppp0 anywhere anywhere
> 
> Chain OUTPUT (policy ACCEPT 35 packets, 2392 bytes)
> pkts bytes target prot opt in out source destination
> o_O / #
> 
> ---------------------------------------------------------------------------------------------------------
> 
> And lastly, just in case you want to see what is compiled in my kernel:
> Quote:
> ---------------------------------------------------------------------------------------------------------
> # Networking options
> #
> CONFIG_PACKET=y
> CONFIG_PACKET_MMAP=y
> # CONFIG_NETLINK_DEV is not set
> CONFIG_UNIX=y
> # CONFIG_NET_KEY is not set
> CONFIG_INET=y
> CONFIG_IP_MULTICAST=y
> 
> CONFIG_IP_ADVANCED_ROUTER=y
> CONFIG_IP_MULTIPLE_TABLES=y
> # CONFIG_IP_ROUTE_MULTIPATH is not set
> CONFIG_IP_ROUTE_VERBOSE=y
> # CONFIG_IP_PNP is not set
> # CONFIG_NET_IPIP is not set
> # CONFIG_NET_IPGRE is not set
> # CONFIG_IP_MROUTE is not set
> # CONFIG_ARPD is not set
> CONFIG_SYN_COOKIES=y
> # CONFIG_INET_AH is not set
> # CONFIG_INET_ESP is not set
> # CONFIG_INET_IPCOMP is not set
> CONFIG_INET_TUNNEL=y
> CONFIG_IP_TCPDIAG=y
> # CONFIG_IP_TCPDIAG_IPV6 is not set
> #
> # IP: Virtual Server Configuration
> #
> # CONFIG_IP_VS is not set
> # CONFIG_IPV6 is not set
> CONFIG_NETFILTER=y
> # CONFIG_NETFILTER_DEBUG is not set
> 
> #
> # IP: Netfilter Configuration
> #
> CONFIG_IP_NF_CONNTRACK=y
> # CONFIG_IP_NF_CT_ACCT is not set
> # CONFIG_IP_NF_CONNTRACK_MARK is not set
> # CONFIG_IP_NF_CT_PROTO_SCTP is not set
> CONFIG_IP_NF_FTP=y
> CONFIG_IP_NF_IRC=y
> # CONFIG_IP_NF_TFTP is not set
> # CONFIG_IP_NF_AMANDA is not set
> CONFIG_IP_NF_QUEUE=y
> CONFIG_IP_NF_IPTABLES=y
> CONFIG_IP_NF_MATCH_LIMIT=y
> CONFIG_IP_NF_MATCH_IPRANGE=y
> CONFIG_IP_NF_MATCH_MAC=y
> CONFIG_IP_NF_MATCH_PKTTYPE=y
> CONFIG_IP_NF_MATCH_MARK=y
> CONFIG_IP_NF_MATCH_MULTIPORT=y
> CONFIG_IP_NF_MATCH_TOS=y
> CONFIG_IP_NF_MATCH_RECENT=y
> CONFIG_IP_NF_MATCH_ECN=y
> CONFIG_IP_NF_MATCH_DSCP=y
> CONFIG_IP_NF_MATCH_AH_ESP=y
> CONFIG_IP_NF_MATCH_LENGTH=y
> CONFIG_IP_NF_MATCH_TTL=y
> CONFIG_IP_NF_MATCH_TCPMSS=y
> CONFIG_IP_NF_MATCH_HELPER=y
> CONFIG_IP_NF_MATCH_STATE=y
> CONFIG_IP_NF_MATCH_CONNTRACK=y
> CONFIG_IP_NF_MATCH_OWNER=y
> CONFIG_IP_NF_MATCH_ADDRTYPE=y
> # CONFIG_IP_NF_MATCH_REALM is not set
> # CONFIG_IP_NF_MATCH_SCTP is not set
> CONFIG_IP_NF_MATCH_COMMENT=y
> # CONFIG_IP_NF_MATCH_HASHLIMIT is not set
> CONFIG_IP_NF_FILTER=y
> CONFIG_IP_NF_TARGET_REJECT=y
> CONFIG_IP_NF_TARGET_LOG=y
> CONFIG_IP_NF_TARGET_ULOG=y
> CONFIG_IP_NF_TARGET_TCPMSS=y
> CONFIG_IP_NF_NAT=y
> CONFIG_IP_NF_NAT_NEEDED=y
> CONFIG_IP_NF_TARGET_MASQUERADE=y
> CONFIG_IP_NF_TARGET_REDIRECT=y
> CONFIG_IP_NF_TARGET_NETMAP=y
> CONFIG_IP_NF_TARGET_SAME=y
> # CONFIG_IP_NF_NAT_SNMP_BASIC is not set
> CONFIG_IP_NF_NAT_IRC=y
> CONFIG_IP_NF_NAT_FTP=y
> CONFIG_IP_NF_MANGLE=y
> CONFIG_IP_NF_TARGET_TOS=y
> CONFIG_IP_NF_TARGET_ECN=y
> CONFIG_IP_NF_TARGET_DSCP=y
> CONFIG_IP_NF_TARGET_MARK=y
> CONFIG_IP_NF_TARGET_CLASSIFY=y
> CONFIG_IP_NF_RAW=y
> CONFIG_IP_NF_TARGET_NOTRACK=y
> CONFIG_IP_NF_ARPTABLES=y
> CONFIG_IP_NF_ARPFILTER=y
> CONFIG_IP_NF_ARP_MANGLE=y
> CONFIG_XFRM=y
> # CONFIG_XFRM_USER is not set
> --
> "When you play a Microsoft CD backwards you can hear demonic Voices...
> that's nothing - when you play it forward it installs Windows"
> Are you fearing my mouse? <:3___)~~~~
> 


-- 
"When you play a Microsoft CD backwards you can hear demonic Voices...
that's nothing - when you play it forward it installs Windows"
Are you fearing my mouse? <:3___)~~~~

-- 
gentoo-user@gentoo.org mailing list
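
Added example, not part of the original message: it works through the numbers behind the clamp using the interface MTUs quoted in the thread (eth0 1500, ppp0 1432) and prints the thread's NAT script with the TCPMSS rule placed ahead of the ACCEPT rule. The function names are hypothetical and the ifconfig text is a constructed sample built from those quoted values; the script only prints the iptables commands and changes nothing.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# IPv4 TCP MSS = MTU - 20 (IP header) - 20 (TCP header), no options.
mss_for_mtu() { echo $(( $1 - 40 )); }

# Constructed sample: the two relevant interfaces from the ifconfig output above.
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:08:A1:62:9A:F1
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
ppp0      Link encap:Point-to-Point Protocol
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1432  Metric:1
EOF
}

# Print the MTU of interface $1 from old-style "MTU:<n>" ifconfig text on stdin.
mtu_of() {
    awk -v ifc="$1" '
        /^[a-z]/ { hit = ($1 == ifc) }          # a new interface block starts
        hit && match($0, /MTU:[0-9]+/) {
            print substr($0, RSTART + 4, RLENGTH - 4); exit
        }'
}

# Bytes by which a full-size segment negotiated on the LAN overshoots the
# uplink; 0 means no clamping is needed.
mss_overshoot() {   # $1 = LAN MTU, $2 = uplink MTU
    d=$(( $(mss_for_mtu "$1") - $(mss_for_mtu "$2") ))
    if [ "$d" -gt 0 ]; then echo "$d"; else echo 0; fi
}

# The NAT script from the thread with the clamp added. TCPMSS does not end
# chain traversal but ACCEPT does, so the clamp rule is appended first;
# placed after the ACCEPT it would never see SYNs arriving on the LAN side.
nat_rules() {       # $1 = LAN interface, $2 = uplink interface
    cat <<EOF
iptables --flush
iptables --table nat --flush
iptables --table nat --append POSTROUTING --out-interface $2 -j MASQUERADE
iptables --append FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables --append FORWARD --in-interface $1 -j ACCEPT
EOF
}

lan=$(sample_ifconfig | mtu_of eth0)
wan=$(sample_ifconfig | mtu_of ppp0)
echo "LAN MSS $(mss_for_mtu "$lan"), uplink MSS $(mss_for_mtu "$wan"), overshoot $(mss_overshoot "$lan" "$wan")"
nat_rules eth0 ppp0     # dry run: prints the commands; pipe to sh as root to apply
```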
