I haven't actually tried this, but your description of what's happening is
about what I would expect. The browser knows nothing about your firewall,
remember, so from its perspective, it sends out a request for a URL, waits
for a response, then eventually times out after not receiving one ... just
like any other broken link.
Siunce you are DENYing or REJECTing the outgoing datagrams to 204.176.36.72,
it is to be expected that they never should up on ppp0 ... they get blocked
by the output chain rule (either one) that you've specified. So there is
nothing for tcpdump to dump.
You'd probably do better to consider using a proxy server like junkbuster
for this purpose.
At 03:17 PM 5/26/00 -0000, [EMAIL PROTECTED] wrote:
>
>I am toying with the awesome idea of killing banner ad companies at my
>firewall, It works.. (quite nicely) but it also seems to slow web surfing
>down alot..
>
>the line in the firewall is :
># REJECT packets on ppp0 which are from advert sites.
> /sbin/ipchains -A output -i ppp0 -s 0.0.0.0/0 -d 204.176.36.72 -j DENY
>
>I have also tried :
># REJECT packets on ppp0 which are from advert sites.
> /sbin/ipchains -A output -i ppp0 -s 0.0.0.0/0 -d 204.176.36.72 -j REJECT
>
>Both have the same effect as far as I can tell, the problem seems to be that
>the first 5-8 seconds that the server tries to access a site that asks for
>204.176.36.72 it just sits there and does nothing, even a tcpdump -ai ppp0
>|grep DENY doesn't seem to bring anything up.
>
>After the initial pause it is quite happy to browse the rest of the page..
>Any ideas on how to tweak the pause out of it?
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
