[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: No access to some websites

--- Alberto Mardegan <mardy@despammed.com> wrote:

> Hi all!
>   I hope not to be too much offtopic; I'm using a Debian PC which is
> connected to the internet with an USB ADSL modem and to some (2) windows
> PCs though a wireless lan. I currently use no firewall at all (but I'll
> be soon), and this is the script wlan.sh which is invoked when the
> wireless interfaces get started (through the "up" command"):
This was brought up in a previous bug report, IIRC the bug report was soon
closed and an argument insued.  The problem might be that Debian ships
it's kernels with ECN enabled, this is better for the REST of the internet
where ENC workes correctly.

Most other distroes, and Linus's Linux migth you manage to run it
withought a distro, shipe with ECN disabled.  ECN helps the internet not
be flooded by it's users which will make EVERY one be vary happy.

The problem is that some BROKEN fierwalls detect ECN when the bits that
are reseved for future use get used.  When thay see these bits being used
thay deny the pkt, since it can't protect it's clients from whatever might
happen with these bits set.

This is why some sites won't work while others seam not to be affectd. 
The plus side is that if your connected to another host that uses ECN you
can expect to see a 20% increas(stats found using the wondershaper) in
avalable TCP thought put.

> route add -net $IF_ADDRESS netmask $IF_NETMASK $IFACE
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t filter -F FORWARD
> iptables -t filter -P FORWARD DROP
> iptables -t filter -A FORWARD -s $IF_ADDRESS/$IF_NETMASK -j ACCEPT
> iptables -t filter -A FORWARD -d $IF_ADDRESS/$IF_NETMASK -j ACCEPT
> iptables -t nat -F PREROUTING
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -F POSTROUTING
> iptables -t nat -P POSTROUTING ACCEPT
> iptables -t nat -F OUTPUT
> iptables -t nat -P OUTPUT ACCEPT
> iptables -t nat -A POSTROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -o ppp0
> Is this correct? It works, but I cannot access the www.ebay.it website
> from my internal LAN, while most other sites work ok. Can you see
> something wrong in my script?
> Why is so special about www.ebay.it? I can access it from the Linux
> PC without problems...
> TIA!
> -- 
> Saluti,
>     Mardy
> http://interlingua.altervista.org
> -- 
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org

Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.

Reply to: