I know it's bad form to follow up my own posts, but... The closest I've come to a solution refers to a problem with IP Masquerading in the ipchains implementation (using 2.0 or 2.2 kernels). This is one of the reasons I upgraded to RH 7.1 (and the 2.4.2 kernel and iptables). Apparently the problem is that the initial requests are lost when intermediate routers respond with requests to fragment or use smaller MTU sizes.
The problem is clearly in the RH 7.1 box, as when I take one of the machines behind the firewall and access my ISP directly, the inaccessible sites are accessible. Is there a version of kernel / iptables where this is fixed? Is there a way to force the ISP into accepting a larger MTU size (e.g. 1500)?

... Glenn

At 10:59 AM -0500 11/17/01, Glenn Henshaw wrote:
> This didn't seem to have any effect. I expect that this is a
>problem at my ISP.
>
>At 9:55 AM -0500 11/15/01, Ben Logan wrote:
>>If your gateway-to-ISP MTU is 1460, I would suggest dropping the MTU
>>on your LAN to around 1400. I can't remember the exact size of the
>>data the kernel adds, but I don't think it was more than 60 bytes. Of
>>course, this assumes that you are using IP-Masq.
>>
>>
>>--
>>Ben Logan: blogan at newcreature dot org
>>OpenPGP Key KeyID: A1ADD1F0
>
>

--
--
Glenn Henshaw | Ottawa, Canada
Play: [EMAIL PROTECTED] | Work: [EMAIL PROTECTED]

_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list