Hi!

The FORWARD table: (full example script is in http://damyen.technion.ac.il/~dani

# We forward for established sessions
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# The following line will ensure that tcp connections from the masqueraded net
# are set with the correct MSS, without the need to change the MTU of the
# Ethernet nics of the internal LAN stations
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
$IPTABLES -A FORWARD -m state --state NEW -s $HOST1_IP -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 60/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died: "

On Monday 10 March 2003 13:31, you wrote:
> Sorry for the laziness,
>
> but I'll appreciate it if you can drop the iptable's line which sets the
> ppp's mtu to the clients.
>
>
> Thanks,
> Tomer.
>
> Dani Arbel wrote:
> >Hi Everyone,
> >Lately I have fixed a problem with ADSL and internal network that had the
> >nature of being non-consistent (e.g. coming and going).
> >It appears that sometimes the ISP does more than one tunnel (to switch the
> >connection from one server to another?). This reduces the MTU and makes
> >the internal network into a black hole.
> >In the case I dealt with (pure M$ environment) the solution was to reduce
> >the MTU on the internal pc's to 1400.
> >With a linux router you can do it easier - just reduce the ppp MTU to 1400
> >and add a rule in your iptables to adjust the MSS to the ppp interface.
> >This might be here also (though the symptoms are a bit different). Dani
> >
> >On Sunday 09 March 2003 14:39, you wrote:
> >>Tomer Dagan wrote:
> >>>That's the strange thing,
> >>>traceroute works, dns works.
> >>>It actually looks like a slow connection.
> >>>When, for example, I'm pointing the browser to ynet
> >>>it finds the site, it even adds the extra path of the url
> >>>(http://www.ynet.co.il/home/0,7340,L-8,00.html, for example).
> >>>Nothing comes up on the browser, but the browser keeps rolling
> >>>forever. Sometimes it starts to load the page and then stops, but the
> >>>browser keeps rolling.
> >>>The minority of the sites work fine. nana for example.
> >>>google even does the search but most of the links go nowhere.
> >>>
> >>>We also have an adsl account at netvision. For a single computer as well.
> >>>I wrote a script that replaces all the connection definitions
> >>>(/etc/ppp/..., resolved.conf ...) from 012 to netvision and the same way
> >>>back.
> >>>When I have the problem I described with 012 I'm moving to netvision and
> >>>everything gets fine.
> >>>Changing back to 012 - bad.
> >>>That leads me to conclude that nothing is wrong with my Linux system.
> >>>And as I said, only creating the connection with a Windows2000 system I'm
> >>>able to fix the connection.
> >>
> >>Question: what happens if you disconnect the connection and re-establish
> >>it without rebooting - does this solve the problem once it happens?
> >>
> >>What happens if you reboot to Linux (but not to Windows), does this
> >>solve the problem once it happens?
> >>
> >>It is possible that connecting via Windows is not what really solves the
> >>problem but something else, which you happen to do for dialing using
> >>Windows.
> >>
> >>Another idea:
> >>
> >>Have you tried lowering MTU settings for the clients?
> >>
> >>Gilad
> >>
> >>
> >>=================================================================
> >>To unsubscribe, send mail to [EMAIL PROTECTED] with
> >>the word "unsubscribe" in the message body, e.g., run the command
> >>echo unsubscribe | mail [EMAIL PROTECTED]

--
________________________________________________________________________
Dr. Daniel Arbel                 [EMAIL PROTECTED]
Network Manager                  tel: 972-4-8294992
Technion Computer Center         fax: 972-4-8222872
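
What the TCPMSS rule in the message does to a forwarded SYN, modelled in Python as an added example (not part of the original message and not the kernel's implementation): the MSS option is lowered to the path MTU minus 40 bytes of IPv4 and TCP headers, so a ppp MTU of 1400 gives an MSS of 1360. The sample SYN bytes, its checksum value and the function names are constructed for illustration.

```python
import struct

IP_TCP_OVERHEAD = 40  # IPv4 header (20) + TCP header (20), no options

# Constructed TCP SYN header (49152 -> 80) with options MSS=1460, NOP, NOP,
# SACK-permitted. The checksum 0x1234 is a made-up stand-in value.
SAMPLE_SYN = bytes.fromhex(
    "c0000050" "00000001" "00000000" "7002faf0" "12340000" "020405b4" "01010402")

def mss_offset(seg):
    """Return the offset of the MSS value in a SYN's options, else None."""
    if len(seg) < 20 or not seg[13] & 0x02:
        return None                        # truncated, or not a SYN
    end = (seg[12] >> 4) * 4               # data offset = header length
    if end > len(seg):
        return None
    i = 20
    while i < end and seg[i] != 0:         # kind 0 ends the option list
        if seg[i] == 1:                    # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or seg[i + 1] < 2 or i + seg[i + 1] > end:
            return None                    # malformed option length
        if seg[i] == 2 and seg[i + 1] == 4:
            return i + 2                   # MSS: kind 2, length 4
        i += seg[i + 1]
    return None

def read_mss(seg):
    off = mss_offset(seg)
    return None if off is None else struct.unpack_from("!H", seg, off)[0]

def clamp_mss(tcp, pmtu):
    """Lower (never raise) the MSS option to pmtu - 40 and fix the checksum."""
    off, limit = mss_offset(tcp), pmtu - IP_TCP_OVERHEAD
    if off is None or limit < 1 or read_mss(tcp) <= limit:
        return tcp
    seg = bytearray(tcp)
    lo, hi = off & ~1, (off + 3) & ~1      # aligned 16-bit words touched
    fmt = "!%dH" % ((hi - lo) // 2)
    old = struct.unpack_from(fmt, seg, lo)
    struct.pack_into("!H", seg, off, limit)
    new = struct.unpack_from(fmt, seg, lo)
    # Incremental checksum update, RFC 1624: HC' = ~(~HC + ~m + m')
    s = ~struct.unpack_from("!H", seg, 16)[0] & 0xFFFF
    for m, m2 in zip(old, new):
        s += (~m & 0xFFFF) + m2
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    struct.pack_into("!H", seg, 16, ~s & 0xFFFF)
    return bytes(seg)
```

Because the checksum is patched incrementally, the rewrite needs neither the IP addresses nor the payload, which is why it can be done per packet on the forwarding path.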
