Re: browser problem from inside firewall

To: debian-firewall@lists.debian.org
Subject: Re: browser problem from inside firewall
From: Daniel Pittman <daniel@rimspace.net>
Date: Mon, 04 Jul 2005 20:44:28 +1000
Message-id: <[🔎] 87oe9iluk3.fsf@enki.rimspace.net>
References: <[🔎] 2322-Mon04Jul2005104017+0100-jpff@codemist.co.uk>

On 4 Jul 2005, jpff@codemist.co.uk wrote:
> I have just (well yesterday) changed by firewall from an aging RedHat
> system to Debian.  Most things seem OK (couple of minor spamassassin
> problems) but there is one MAJOR problem that I do not understand.
>
> The simplest form is when a user inside the firewall attempts to
> upload a photo to flickr.com it just hangs and eventually times out.
> If the same thing is done from the firewall itself it works
> instantly.  I deduce that something in Debian is being very cautious,
> but I do not know what.  The iptables I have as the same as on
> previous system, and it used to work.

At a guess, you lost the "MTU clamping" fix for the "path MTU blackhole"
on the ADSL line servicing the business.  This is probably because it
was done in the PPPoE client, not the iptables firewall itself.

Have a look at the TCPMSS target, and the clamp MTU to MSS, or whatever
it is, option, which resolves this in iptables.

   Daniel

-- 
We live in a hallucination of our own devising.
        -- Alan Kay

Reply to:

Follow-Ups:
- Re: browser problem from inside firewall
  - From: jpff@codemist.co.uk

References:
- browser problem from inside firewall
  - From: jpff@codemist.co.uk

Prev by Date: Re: browser problem from inside firewall
Next by Date: Re: Firewall-troubleshooting
Previous by thread: Re:firewall troubleshooting
Next by thread: Re: browser problem from inside firewall
Index(es):
- Date
- Thread