Hi, I'm using a debian box as a router and multiserver between my LAN and the internet.
Everything was working fine until yesterday, when I took the box down for a few hours to upgrade the memory. Right now the external interface of the gateway is fully accessible from the net, and I do not have any problem with the different services I am providing to the outside (mail, webserver, and DNS for the web servers). The problem is on the LAN side: I can access some sites, but not all the sites as I used to. For example, I can access the "Start page" search engine but not "Duckduckgo". The gateway can access everything; it's the hosts behind the gateway that cannot. I have 2 interfaces on this box: eth0, which is used as the LAN interface, and eth1, which is used as ppp0 with a static IP from my ISP.

-------------------------------------------------------------------
/etc/sysctl.conf has the forwarding rule for IPv4:

net.ipv4.ip_forward=1
net.ipv4.conf.default.forwarding=1   (maybe useless but I'm kind of trying everything)
net.ipv4.conf.all.forwarding=1       (maybe useless but I'm kind of trying everything)
-------------------------------------------------------------------
cat /proc/sys/net/ipv4/ip_forward
1
-------------------------------------------------------------------
Iptables rules are as follows:

# delete all existing rules.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# log udp port 5060
iptables -A INPUT -i ppp0 -p udp --dport 5060 -j LOG --log-level debug

# asterisk
iptables -A INPUT -i ppp0 -p udp --dport 5060 -j ACCEPT

# tor
iptables -A INPUT -i ppp0 -p tcp --dport 9001 -j ACCEPT

# postfix
iptables -A INPUT -i ppp0 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 587 -j ACCEPT

# dovecot
iptables -A INPUT -i ppp0 -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 995 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 993 -j ACCEPT

# apache
iptables -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 443 -j ACCEPT

# maradns
iptables -A INPUT -i ppp0 -p udp --dport 53 -j ACCEPT

# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Don't forward from the outside to the inside.
iptables -A FORWARD -i ppp0 -o eth0 -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward
------------------------------------------------------------------------

I am totally at a loss and was wondering if somebody has an idea about where the problem might be coming from. It seems (according to tcpdump on both interfaces) that replies from some sites get lost, or somehow get an ICMP destination unreachable from the gateway.

Thanks a lot.

mett
Archive: http://lists.debian.org/20131226142700.4f9f1be6@asus.tamerr
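Added example, not code from mett's post or from Debian: a POSIX shell function that reads iptables-save output and verifies the forwarding and NAT invariants the ruleset above depends on (LAN-to-ppp0 ACCEPT, return-traffic ACCEPT, MASQUERADE on ppp0, outside-to-inside blocked), with a constructed sample ruleset embedded so it runs offline. The iptables-save line format and the interface names eth0/ppp0 are taken from the post as assumptions; the TCPMSS check is an extra the post does not mention, a standard item to verify on ppp links when the gateway itself reaches sites that the LAN hosts cannot.

```shell
# Constructed sample, in iptables-save format: the FORWARD and nat rules of an
# eth0 (LAN) -> ppp0 masquerading gateway as they look once loaded.
SAMPLE_RULES='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# check_gateway_rules LAN_IF WAN_IF   (reads iptables-save output on stdin)
# Prints one line per finding; returns 0 only when every required rule exists.
check_gateway_rules() {
    lan=$1; wan=$2; rc=0; rules=$(cat)
    has() { printf '%s\n' "$rules" | grep -qE -- "$1"; }

    has "^-A FORWARD -i $lan -o $wan .*-j ACCEPT" ||
        { echo "MISSING: FORWARD $lan->$wan ACCEPT (LAN cannot open connections)"; rc=1; }
    has "^-A FORWARD -i $wan -o $lan .*(ESTABLISHED|RELATED).*-j ACCEPT" ||
        { echo "MISSING: FORWARD $wan->$lan ESTABLISHED,RELATED (replies are not forwarded)"; rc=1; }
    has "^-A POSTROUTING -o $wan -j MASQUERADE" ||
        { echo "MISSING: nat POSTROUTING MASQUERADE on $wan (replies aimed at private addresses)"; rc=1; }
    # Unsolicited inbound traffic must be rejected by a rule or by the chain policy.
    has "^-A FORWARD -i $wan -o $lan .*-j (REJECT|DROP)" || has "^:FORWARD DROP" ||
        echo "WARN: unsolicited $wan->$lan traffic is not blocked"
    # A rule with the same interface in and out never sees LAN-bound packets.
    has "^-A FORWARD -i $wan -o $wan .*-j (REJECT|DROP)" &&
        echo "WARN: '-i $wan -o $wan' never matches LAN-bound packets; use -o $lan"
    has "^-A FORWARD .*-j TCPMSS" ||
        echo "INFO: no TCPMSS clamp in FORWARD; on ppp links an unclamped MSS can lose replies from some sites"
    return $rc
}

# Kernel forwarding flag, read the same way the post does it.
forwarding_enabled() { [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]; }

# Live use on the gateway:  iptables-save | check_gateway_rules eth0 ppp0
printf '%s\n' "$SAMPLE_RULES" | check_gateway_rules eth0 ppp0
```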