On Sat, Feb 20, 1999 at 08:55:18PM -0800, Gregory Margo wrote:
>On Sat, Feb 20, 1999 at 04:32:59PM -0800, Gregory Margo wrote:
>>
>> Problem: can't get to certain web sites from masqueraded host.
>>
>> I have a pretty basic IP Masquerading setup, with one Windows 98 machine
>> masqueraded behind a Linux 2.0.33 box. The Linux box runs diald & PPP
>> with a dynamic address to the internet. The two machines are connected
>> via ethernet with the usual 192.168.1.[12] addresses.
>>
>> The firewall rules are only the most basic:
>> ipfwadm -F -p deny
>> ipfwadm -F -a masquerade -S 192.168.1.0/24 -D 0.0.0.0/0
>>
>>
>> Most things work. HTTP (to most sites), FTP, etc.
>>
>> However, I can't get to certain web sites from the Windows box,
>> using either Netscape or Internet Explorer.
>>
>> One particular site is http://www.schwab.com.
>>
>> What could cause this? How can I debug it?
>
>I was using an MTU and MRU of 576 on the PPP link. I tried changing
>those to unspecified, it defaults to 1500; now the Schwab web site works.
>However, I prefer 576 for interactive responsiveness.
>
>Has anyone else observed similar problems with packet fragmentation/reassembly?
>Is there any way I can use 576 instead of 1500?
>
>thanks,
>gm

I'm also having the same problems, only with kernel 2.0.36. It *appears*
that all the patches necessary for proper operation of IP Masq have already
been applied to the kernel code (especially the MTU patch!), but I'm also
having significant problems accessing certain web sites, also including the
Schwab web site. I know that the problem is coming from IP Masq because I
can log into the site from the Linux box directly, just not from *any*
clients (Netscape, IE, Mac or PC) behind our firewall.

I set up a utility on one of my Macs (OTSessionWatcher) that allows me to
see the conversation between the client and the server, and the initial
response from the server appears OK, but nothing else appears. For those
who are interested, the conversation appears like this:

Send 301 bytes.
<00000000< GET / HTTP/1.1
<00000010< Host: www.schwab.com
<00000026< Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
<00000063< image/xbm, image/x-jg, */*
<0000007F< Accept-Language: en
<00000094< Connection: Keep-Alive
<000000AC< User-Agent: Mozilla/4.0 (compatible; MSIE 4.5; Mac_PowerPC)
<000000E9< UA-OS: MacOS
<000000F7< UA-CPU: PPC
<00000104< Extension: Security/Remote-Passphrase
<0000012B<

Receive 234 bytes.
>00000000> HTTP/1.0 200 OK
>00000011> Server: Netscape-Enterprise/2.01-p100
>00000038> Date: Tue, 23 Feb 1999 15:11:15 GMT
>0000005D> Accept-ranges: bytes
>00000073> Last-modified: Thu, 17 Sep 1998 21:52:05 GMT
>000000A1> Content-length: 1025
>000000B7> Content-type: text/html
>000000D0> Connection: keep-alive
>000000E8>

After receiving this data, the client sits waiting for the rest of the data,
and eventually times out without receiving any more data.

I've tried both defragmenting and not defragmenting, and it makes no
difference. I'm currently rebuilding with a lot of "unnecessary" networking
options disabled, so I'll let everyone know whether that works.

--
// Glenn L. Austin
// Computer Wizard and Race Car Driver
// mailto:[EMAIL PROTECTED]
// http://www.austin-home.com/glenn/
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]