Hi!
The FORWARD table (the full example script is at
http://damyen.technion.ac.il/~dani):

# We forward for established sessions
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# The following line will ensure that tcp connections from the masqueraded net
# are set with the correct MSS, without the need to change the MTU of the
# Ethernet nics of the internal LAN stations
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
$IPTABLES -A FORWARD -m state --state NEW -s $HOST1_IP -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 60/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died: "


On Monday 10 March 2003 13:31, you wrote:
> Sorry for the laziness,
>
> but I'll appreciate it if you can drop the iptables line which sets the ppp's
> mtu to the clients.
>
>
> Thanks,
>       Tomer.
>
> Dani Arbel wrote:
> >Hi Everyone,
> >Lately I have fixed a problem with ADSL and an internal network that had the
> >nature of being inconsistent (e.g. coming and going).
> >It appears that sometimes the ISP does more than one tunnel (to switch the
> >connection from one server to another?). This reduces the MTU and makes
> > the internal network into a black hole.
> >In the case I dealt with (pure M$ environment) the solution was to reduce
> > the MTU on the internal PCs to 1400.
> >With a Linux router you can do it easier - just reduce the ppp MTU to 1400
> > and add a rule in your iptables to adjust the MSS to the ppp interface.
> > This might be here also (though the symptoms are a bit different).
> > Dani
> >
> >On Sunday 09 March 2003 14:39, you wrote:
> >>Tomer Dagan wrote:
> >>>That's the strange thing,
> >>>traceroute works, DNS works.
> >>>It actually looks like a slow connection.
> >>>When, for example, I'm pointing the browser to ynet
> >>>it finds the site, it even adds the extra path of the url
> >>>(http://www.ynet.co.il/home/0,7340,L-8,00.html, for example).
> >>>Nothing comes up in the browser, but the browser keeps rolling
> >>>forever. Sometimes it starts to load the page and then stops, but the
> >>> browser keeps rolling.
> >>>The minority of the sites work fine. nana for example.
> >>>Google even does the search but most of the links go nowhere.
> >>>
> >>>We also have an ADSL account at netvision. For a single computer as well.
> >>>I wrote a script that replaces all the connection definitions
> >>>(/etc/ppp/..., resolved.conf ...) from 012 to netvision and the same way
> >>>back.
> >>>When I have the problem I described with 012 I'm moving to netvision and
> >>>everything gets fine.
> >>>Changing back to 012 - bad.
> >>>That leads me to conclude that nothing is wrong with my Linux system.
> >>>And as I said, only by creating the connection with a Windows 2000 system I'm
> >>>able to fix the connection.
> >>
> >>Question: what happens if you disconnect the connection and re-establish
> >>it without rebooting - does this solve the problem once it happens?
> >>
> >>What happens if you reboot to Linux (but not to Windows), does this
> >>solve the problem once it happens?
> >>
> >>It is possible that connecting via Windows is not what really solves the
> >>problem but something else, which you happen to do for dialing using
> >>Windows.
> >>
> >>Another idea:
> >>
> >>Have you tried lowering MTU settings for the clients?
> >>
> >>Gilad
> >>
> >>
> >>=================================================================
> >>To unsubscribe, send mail to [EMAIL PROTECTED] with
> >>the word "unsubscribe" in the message body, e.g., run the command
> >>echo unsubscribe | mail [EMAIL PROTECTED]

-- 
________________________________________________________________________

Dr. Daniel Arbel                                [EMAIL PROTECTED]
Network Manager                                 tel:       972-4-8294992
Technion Computer Center                        fax:       972-4-8222872
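
Added example, not part of the original message or of the script it links to: a user-space sketch of what the TCPMSS --clamp-mss-to-pmtu rule above does to a forwarded SYN, lowering the MSS option to path MTU minus 40 and patching the TCP checksum incrementally. It assumes IPv4 with 20-byte IP and TCP base headers; the function names and the sample segment are made up for illustration.

```python
import struct

IP_TCP_HEADERS = 40  # assumed: 20-byte IPv4 header + 20-byte TCP header

def fold(s):
    """Fold carries back into 16 bits (one's-complement addition)."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def tcp_checksum(src, dst, tcp):
    """Full checksum over the IPv4 pseudo-header and the segment (RFC 1071)."""
    data = src + dst + struct.pack("!BBH", 0, 6, len(tcp)) + tcp
    data += b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def clamp_mss(tcp, pmtu):
    """Return (segment, old_mss, new_mss); both MSS values are None if no match."""
    hdr_len = (tcp[12] >> 4) * 4
    # Same match as --tcp-flags SYN,RST SYN: SYN set, RST clear.
    if tcp[13] & 0x06 != 0x02 or not 20 <= hdr_len <= len(tcp):
        return tcp, None, None
    limit, i = pmtu - IP_TCP_HEADERS, 20
    while i + 1 < hdr_len and tcp[i] != 0:         # kind 0 ends the option list
        length = 1 if tcp[i] == 1 else tcp[i + 1]  # kind 1 is a one-byte NOP
        if (tcp[i] != 1 and length < 2) or i + length > hdr_len:
            break                                  # malformed option, give up
        if tcp[i] == 2 and length == 4:            # kind 2 is MSS
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:
                return tcp, old, old               # already small enough
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            # At an odd offset the value straddles two checksum words: swap bytes.
            m, m2 = [v if i % 2 == 0 else (v >> 8 | v << 8) & 0xFFFF
                     for v in (old, limit)]
            # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
            hc = struct.unpack_from("!H", tcp, 16)[0]
            new_hc = ~fold((~hc & 0xFFFF) + (~m & 0xFFFF) + m2) & 0xFFFF
            struct.pack_into("!H", out, 16, new_hc)
            return bytes(out), old, limit
        i += length
    return tcp, None, None

def sample_syn(src, dst, mss):
    """Constructed SYN: ports, sequence number and window are made up."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, 0x02, 65535, 0, 0)
    seg = hdr + struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    return seg[:16] + struct.pack("!H", tcp_checksum(src, dst, seg)) + seg[18:]
```

With the ppp MTU of 1400 mentioned in the thread, a client SYN advertising MSS 1460 leaves the router advertising 1360.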

