
IP Masquerading and packet fragmentation problems



[ I realise that this may be off-topic for Debian-ISP, as I'm not an
  ISP. But the expertise is out there...]

Since setting up a separate machine as firewall/router for my small home
LAN, I've had problems with accessing large emails and certain web pages
from machines on my LAN. 

Symptoms: The download of pages gets a few KB, and then hangs. Short
emails download OK, but for any large(ish) ones fetchmail gets a few KB
after which it appears that nothing more is received (as if the pop3
server has hung itself).

Oddly enough, when accessing the same emails and web pages from the
firewall itself, everything works !? 

If I run tproxy (debian package: transproxy), and configure the firewall
as a proxy in the browsers, the problem goes away.

It is not 100% reproducible; it seems to be affected by other traffic on
the line.

I am beginning to suspect that it is packet fragmentation related;
according to tcpdump, quite a few more packets appear on ppp0 (the
internet connection) than on eth0 (my internal LAN).

I'm out of my depth here. Does my description above ring any bells? Any
ideas to diagnose it will be welcome!

The set-up:
    firewall: 
        2.4.18 kernel (ancient 66MHz 486dx, but it works :-)
        woody
        connects to ISP via diald/ppp. 
        eth0 connected to home LAN (192.168.240.4/16)
        IP Masquerading, firewalling via shorewall (was quick to set up)
        DNS server with auth for LAN, forwarding for everything else
        DHCP server

    client:
        2.4.18 kernel
        woody
        eth0 to home LAN
        firewall set up as default gateway

-- 
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
Please study http://www.rfc855.org
