moseley@hank.org wrote:

I'm trying to understand why I can't access a host from my NAT network.
I thought my firewall must be blocking.  I enabled logging of dropped

packets but still didn't see what wasn't working.

So I disabled it and now have a very basic masquerading setup -- no
dropping (shown below).  NAT is working from my internal laptop:

> -SNIP- <

If you are able to connect to other sites from the internal network, andonly have problems with this site (or maybe just a few others), I wouldsuspect ECN is set on your NAT box. Check /proc/sys/net/ipv4/tcp_ecnand see if it is set to something other than 0 (zero).

This is a "feature" in the 2.4.X kernels that isn't universallyrecognized among the routers on the Internet, and causes some sites tobe mysteriously in-accessable. This option is usually selected atkernel compile time. I "think" you can change it on the fly by echoinga zero to this file... but I am not sure. You might want to search thearchives on the keyword "ecn" .... I am sure it has been discussed herebefore.


Cheers,
-Don Spoon-

Reply to:

Follow-Ups:
- Re: Can't access a site from Masqueraded host
  - From: Bill Moseley <moseley@hank.org>
- Re: Can't access a site from Masqueraded host
  - From: Nicos Gollan <gtdev@spearhead.de>

References:
- Can't access a site from Masqueraded host
  - From: moseley@hank.org

Prev by Date: Re: keymap
Next by Date: Re: Do all debian kernel packages require an initrd?
Previous by thread: Re: Can't access a site from Masqueraded host
Next by thread: Re: Can't access a site from Masqueraded host
Index(es):
- Date
- Thread

Re: Can't access a site from Masqueraded host