Edwin Humphries wrote:
[snip]
We're setting up a RH7.2 router on a Bigpond ADSL connection, using rp-pppoe. We're experiencing a problem that some sites (eg, Google, Bigpond) load fine on the network clients, but others (eg, Telstra, Pacific.net.au) only load on the router itself (lynx) or on network clients that are set to use the router's proxy. Ping and ssh work fine from the clients.
[snip]
Have you by chance altered the mtu on the outbound interface?
Your symptoms sound awfully like ones I recently had. Do a "man iptables" and look at the entry under TCPMSS. Particularly the bit about "criminally braindead ISPs".
TCPMSS This target allows to alter the MSS value of TCP SYN packets, to control the maximum size for that connection (usually limiting it to your outgoing interface’s MTU minus 40). Of course, it can only be used in conjunction with -p tcp.
This target is used to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets. The symptoms of this problem are that everything works fine from your Linux firewall/router, but machines behind it can never exchange large packets:
1) Web browsers connect, then hang with no data received.
2) Small mail works fine, but large emails hang.
3) ssh works fine, but scp hangs after initial handshaking.
Workaround: activate this option and add a rule to your firewall configuration like:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
HTH
P.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
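To make concrete what the quoted TCPMSS rule does to each forwarded SYN, here is an added worked example in Python. It is not code from the thread or from the iptables man page; it emulates `--clamp-mss-to-pmtu` in user space on a constructed TCP SYN segment: it only touches segments with SYN set and RST clear (the `--tcp-flags SYN,RST SYN` match), walks the TCP option list for the MSS option (kind 2), lowers the advertised MSS to the outgoing MTU minus 40 bytes (20 bytes IPv4 header plus 20 bytes TCP header) when the client asked for more, and recomputes the TCP checksum. The MTU of 1492 is the usual PPPoE value, so the clamped MSS comes out at 1452; the addresses and ports are made-up sample values.

```python
import socket
import struct

# TCP option kinds (RFC 793) and the flag bits we care about
TCP_OPT_EOL, TCP_OPT_NOP, TCP_OPT_MSS = 0, 1, 2
FLAG_SYN, FLAG_RST = 0x02, 0x04


def tcp_checksum(src_ip, dst_ip, segment):
    """RFC 793 checksum over the IPv4 pseudo-header plus the segment,
    with the segment's own checksum field treated as zero."""
    seg = bytearray(segment)
    seg[16:18] = b"\x00\x00"
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(seg)))   # zero, proto 6, length
    data = pseudo + bytes(seg)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                                  # fold carries
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_valid(src_ip, dst_ip, segment):
    """True when the stored TCP checksum matches a fresh computation."""
    return struct.unpack_from("!H", segment, 16)[0] == tcp_checksum(src_ip, dst_ip, segment)


def build_syn(src_ip, dst_ip, src_port, dst_port, mss):
    """Constructed sample input: a TCP SYN (no IP header) advertising `mss`."""
    options = struct.pack("!BBH", TCP_OPT_MSS, 4, mss)   # kind=2, len=4, value
    data_offset = (20 + len(options)) // 4               # header length in 32-bit words
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                         data_offset << 4, FLAG_SYN, 65535, 0, 0)
    seg = bytearray(header + options)
    struct.pack_into("!H", seg, 16, tcp_checksum(src_ip, dst_ip, seg))
    return bytes(seg)


def find_mss(segment):
    """Walk the TCP option list; return (offset of the MSS value, MSS)
    or (None, None) when there is no well-formed MSS option."""
    hdr_len = (segment[12] >> 4) * 4
    i = 20
    while i < hdr_len:
        kind = segment[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:          # single-byte padding option
            i += 1
            continue
        if i + 1 >= hdr_len:
            break
        length = segment[i + 1]
        if length < 2 or i + length > hdr_len:
            break                        # malformed option list: leave it alone
        if kind == TCP_OPT_MSS and length == 4:
            return i + 2, struct.unpack_from("!H", segment, i + 2)[0]
        i += length
    return None, None


def clamp_mss(segment, mtu, src_ip, dst_ip):
    """Emulate `-j TCPMSS --clamp-mss-to-pmtu` for one TCP segment.
    Returns (possibly rewritten segment, original MSS, MSS now advertised)."""
    flags = segment[13]
    if not (flags & FLAG_SYN) or (flags & FLAG_RST):
        return segment, None, None       # not matched by --tcp-flags SYN,RST SYN
    limit = mtu - 40                     # outgoing MTU minus IPv4 + TCP headers
    pos, old = find_mss(segment)
    if pos is None or old <= limit:
        return segment, old, old         # nothing to clamp
    seg = bytearray(segment)
    struct.pack_into("!H", seg, pos, limit)
    struct.pack_into("!H", seg, 16, tcp_checksum(src_ip, dst_ip, seg))
    return bytes(seg), old, limit


if __name__ == "__main__":
    client, server = "192.0.2.10", "198.51.100.1"       # constructed sample addresses
    syn = build_syn(client, server, 40000, 80, 1460)     # Ethernet-sized MSS from a LAN client
    out, before, after = clamp_mss(syn, 1492, client, server)  # PPPoE link MTU
    print("MSS %d -> %d, checksum ok: %s" % (before, after, checksum_valid(client, server, out)))
```

Run as-is and it reports the 1460 advertised by a LAN client being rewritten to 1452 for a 1492-byte PPPoE link; a SYN that already asks for 1452 or less passes through untouched, as does anything that is not a bare SYN. That is exactly why the rule in the quoted workaround only has to sit in the FORWARD chain: the router's own connections already see the correct MTU, so only the clients' SYNs need the clamp.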
