
Re: No access to some websites



--- Alberto Mardegan <mardy@despammed.com> wrote:

> Hi all!
>   I hope not to be too much offtopic; I'm using a Debian PC which is
> connected to the internet with a USB ADSL modem and to some (2) Windows
> PCs through a wireless LAN. I currently use no firewall at all (but I'll
> be soon), and this is the script wlan.sh which is invoked when the
> wireless interfaces get started (through the "up" command):
> 
This was brought up in a previous bug report; IIRC the bug report was soon
closed and an argument ensued.  The problem might be that Debian ships
its kernels with ECN enabled; this is better for the REST of the internet
where ECN works correctly.

Most other distros, and Linus's Linux, might you manage to run it
without a distro, ship with ECN disabled.  ECN helps the internet not
be flooded by its users, which will make EVERYONE be very happy.

The problem is that some BROKEN firewalls detect ECN when the bits that
are reserved for future use get used.  When they see these bits being used
they deny the pkt, since it can't protect its clients from whatever might
happen with these bits set.

This is why some sites won't work while others seem not to be affected.
The plus side is that if you're connected to another host that uses ECN you
can expect to see a 20% increase (stats found using the wondershaper) in
available TCP throughput.

> route add -net $IF_ADDRESS netmask $IF_NETMASK $IFACE
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t filter -F FORWARD
> iptables -t filter -P FORWARD DROP
> iptables -t filter -A FORWARD -s $IF_ADDRESS/$IF_NETMASK -j ACCEPT
> iptables -t filter -A FORWARD -d $IF_ADDRESS/$IF_NETMASK -j ACCEPT
> iptables -t nat -F PREROUTING
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -F POSTROUTING
> iptables -t nat -P POSTROUTING ACCEPT
> iptables -t nat -F OUTPUT
> iptables -t nat -P OUTPUT ACCEPT
> iptables -t nat -A POSTROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -o ppp0 -j MASQUERADE
> 
> 
> Is this correct? It works, but I cannot access the www.ebay.it website
> from my internal LAN, while most other sites work ok. Can you see
> something wrong in my script?
> What is so special about www.ebay.it? I can access it from the Linux
> PC without problems...
> 
> TIA!
> 
> 
> -- 
> Saluti,
>     Mardy
> http://interlingua.altervista.org
> 
> 
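
Added example (not part of the original message or of any firewall's real code): the reply above describes filters that drop packets using bits that were once reserved. This sketch builds two constructed SYN headers and compares a hypothetical pre-ECN rule with an RFC 3168-aware one; all function names, ports and sample headers are assumptions made for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header (RFC 793, extended by RFC 3168).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ECE, CWR = 0x40, 0x80  # "reserved, must be zero" until RFC 3168 assigned them

def build_tcp_header(sport, dport, flags, reserved=0):
    """Constructed 20-byte TCP header: no options, seq/ack/checksum left 0."""
    offset_reserved = (5 << 4) | (reserved & 0x0F)  # data offset = 5 words
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       offset_reserved, flags, 65535, 0, 0)

def parse_flags(header):
    """Return (still-reserved nibble, flags byte) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    offset_reserved, flags = struct.unpack_from("!BB", header, 12)
    return offset_reserved & 0x0F, flags

def is_ecn_setup_syn(header):
    """RFC 3168: an ECN-setup SYN has SYN, ECE and CWR set and ACK clear."""
    _, flags = parse_flags(header)
    return (flags & (SYN | ACK | ECE | CWR)) == (SYN | ECE | CWR)

def legacy_filter_accepts(header):
    """Hypothetical pre-ECN rule: any formerly reserved bit set means drop."""
    reserved, flags = parse_flags(header)
    return reserved == 0 and (flags & (ECE | CWR)) == 0

def ecn_aware_filter_accepts(header):
    """Corrected rule: ECE/CWR are legal, only the remaining reserved bits count."""
    reserved, _ = parse_flags(header)
    return reserved == 0

def compare(samples):
    """Map each sample name to (legacy verdict, ECN-aware verdict)."""
    return {name: (legacy_filter_accepts(h), ecn_aware_filter_accepts(h))
            for name, h in samples.items()}

# Constructed sample SYNs; the port numbers are made up.
SAMPLES = {
    "plain_syn": build_tcp_header(40000, 80, SYN),
    "ecn_setup_syn": build_tcp_header(40001, 80, SYN | ECE | CWR),
}

if __name__ == "__main__":
    for name, verdict in compare(SAMPLES).items():
        print("%-14s legacy=%s ecn_aware=%s" % ((name,) + verdict))
```

On Linux, whether outgoing SYNs request ECN is controlled by the net.ipv4.tcp_ecn sysctl.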
