Friends,
I've set up routers several times with gentoo systems and
iptables. The second-to-last system I set up works over DSL on the
Qwest network. Everything is working as planned (the same setup as
the gentoo home router guide), except for one strange problem.
A few websites (www.thepiratebay.org, comcast.net) aren't
loading up properly from behind the NAT. The router itself can access
the sites; they can also be accessed through TOR. However, behind the
firewall, there is no access.
I know you're all going to want to see the firewall rules.
I've opened them all up to ACCEPT all packets. The only rule is for
masquerading IPs going out on ppp0, and that's working fine for the
most part. There are also Fail2Ban tables for SSH, but
these tables appear to be working fine. Full iptables are listed below.
I tested access through my firewall, and of course it worked
fine. I am really stumped on this one; not sure if it's a problem with
the way the thepiratebay.org website works, the firewall (this being the
first I set up over DSL), or some other problem. Somebody suggested MTU
problems; we tried turning the MTU on the ethernet interface bound to
the ppp0 device from 1500 to 1492, but no luck came of it.
Any suggestions would be greatly appreciated.
Sincerely,
Dan Farrell
==================================================================
IPTABLES
---------------------------------------------------------------
hermes ~ # iptables -L -v
Chain INPUT (policy ACCEPT 91953 packets, 23M bytes)
 pkts bytes target        prot opt in   out   source                                    destination
   84  9704 fail2ban-SSH  tcp  --  any  any   anywhere                                  anywhere     tcp dpt:ssh

Chain FORWARD (policy ACCEPT 649K packets, 553M bytes)
 pkts bytes target        prot opt in   out   source                                    destination
 2729  129K TCPMSS        tcp  --  any  any   anywhere                                  anywhere     tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT 459K packets, 64M bytes)
 pkts bytes target        prot opt in   out   source                                    destination

Chain fail2ban-SSH (1 references)
 pkts bytes target        prot opt in   out   source                                    destination
   20  3084 DROP          all  --  any  any   60-244-101-40.vdslpro.static.apol.com.tw  anywhere
   64  6620 RETURN        all  --  any  any   anywhere                                  anywhere
-----------------------------------------------------------
NAT table
-----------------------------------------------------------
hermes ~ # iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 72794 packets, 7040K bytes)
 pkts bytes target      prot opt in   out   source     destination

Chain POSTROUTING (policy ACCEPT 442 packets, 35796 bytes)
 pkts bytes target      prot opt in   out   source     destination
 6155  337K MASQUERADE  all  --  any  ppp0  anywhere   anywhere

Chain OUTPUT (policy ACCEPT 23518 packets, 1366K bytes)
 pkts bytes target      prot opt in   out   source     destination
-----------------------------------------------------------
===================================================================
--
[EMAIL PROTECTED] mailing list
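A path-MTU probe for the PPPoE link, added here as an example and not part of Dan's post or the gentoo router guide: it binary-searches the largest DF-flagged ping payload that crosses the link and reports the resulting path MTU and the MSS a FORWARD-chain TCPMSS clamp (like the one in the listing above) should produce, which is the quickest way to tell an MTU black hole from a firewall problem. The probe helper, the 1472-byte upper bound (a 1500-byte Ethernet MTU) and the argument handling are my assumptions; it expects Linux iputils ping.

```shell
#!/bin/sh
# Path-MTU probe for a PPPoE router (added example, not from the original post).
# Finds the largest ICMP payload that crosses the link with DF set, then derives
# the path MTU (payload + 8 ICMP + 20 IPv4 header bytes) and the TCP MSS that a
# FORWARD-chain TCPMSS rule should clamp to (MTU - 40 header bytes).

# real_probe SIZE HOST: succeeds if a DF ping carrying SIZE payload bytes
# reaches HOST (assumes Linux iputils ping: -M do sets DF, -W 2 is the timeout).
real_probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# pmtu_search PROBE HOST LO HI: binary search for the largest payload size
# in [LO, HI] for which "PROBE size HOST" succeeds; prints 0 if none does.
pmtu_search() {
    probe=$1; host=$2; lo=$3; hi=$4
    best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid" "$host"; then
            best=$mid; lo=$(( mid + 1 ))      # fits: look for something larger
        else
            hi=$(( mid - 1 ))                 # blocked or fragmented: go smaller
        fi
    done
    echo "$best"
}

# payload_to_mtu PAYLOAD: add the 8-byte ICMP echo and 20-byte IPv4 headers.
payload_to_mtu() { echo $(( $1 + 8 + 20 )); }

# mtu_to_mss MTU: the TCP MSS that fits the MTU (20 IPv4 + 20 TCP header bytes).
mtu_to_mss() { echo $(( $1 - 40 )); }

# report PROBE HOST: run the search from a 1500-byte Ethernet upper bound
# (1472-byte payload) and print the numbers an admin wants to compare against
# the ppp0 MTU and the TCPMSS rule.
report() {
    payload=$(pmtu_search "$1" "$2" 0 1472)
    mtu=$(payload_to_mtu "$payload")
    printf 'largest DF payload: %s\npath MTU: %s\nclamp MSS to: %s\n' \
        "$payload" "$mtu" "$(mtu_to_mss "$mtu")"
}

# Usage on the router: sh pmtu-probe.sh <host-on-the-far-side>
if [ -n "${1:-}" ]; then
    report real_probe "$1"
fi
```

On a 1492-byte PPPoE path the search should settle on a 1464-byte payload; a value well below that while the TCPMSS rule counters stay flat points at PMTU discovery being blocked upstream rather than at the NAT.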