
Re: ip masquerading



Thanks for the advice.  It looks like I'll be at this for a while...if
I can't make any headway with it, I'll ask for more help.


Thanks again,
da


On Tue, 16 Nov 2004 03:11:38 -0600, Yusuf <yusufad@myrealbox.com.delme> wrote:
> Your firewall rules look, uh, ugly, meaning, not meant for human eyes.
> You should try to isolate your problem from bottom to top:
> 
> Try a minimalistic firewall.  Just for testing, of course, as this is
> totally insecure:
> 
> # Clear all rules (and reset the filter policies, which -F alone leaves
> # untouched: a leftover FORWARD policy of DROP would defeat this test)
> /sbin/iptables -F; /sbin/iptables -t nat -F; /sbin/iptables -t mangle -F
> /sbin/iptables -P INPUT ACCEPT; /sbin/iptables -P FORWARD ACCEPT; /sbin/iptables -P OUTPUT ACCEPT
> 
> # Enable Masquerading: turn on IPv4 forwarding, then NAT everything
> # leaving through the uplink interface (ppp0)
> echo 1 > /proc/sys/net/ipv4/ip_forward
> /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> 
> If this solves your problems, then you should think about changing
> firehol, making the firewall by hand (but with the great help of
> fwbuilder), or (yuck!) trying to "debug" your current firehol rules.
> 
> They are messing with the maximum segment size:
> 
> YN tcpmss match 1400:1536 TCPMSS clamp to PMTU
> 
> trying to divide oversized packets to the maximum transmission unit.
> The MTU is traditionally a source of metaphysical and NAT troubles.
> 
> The problem could also probably come from your connection settings.  Try
> different connections.  You are over "fiber"?  Try a dial-up for a change.
> 
> DSL?  Then maybe the aforementioned clamp is clashing with the one
> provided by pppoe.  Check the config in
> /etc/ppp/providers/<your-config>.  Watch for the syndrome of the Roaring
> Penguin: a few weeks ago my router suddenly stopped NATing, the only
> clue being an obscure cry in /var/log/messages:
> 
> Sep 24 19:45:48 severo pppd[1770]: Couldn't increase MTU to 1500
> 
> The dreaded MTU had struck again!  Well, more or less.  The problem
> resulted from the inclusion of the rp-pppoe.so plugin in my DSL config
> after an update of pppoeconf.  Or so I believe.
> 
> Anyway, keep isolating the problem, using different frontends, configs,
> connections, machines, religions, whatever, until you corner it in its
> obscure burrow, and then, and then...!
> 
> I have never recommended or performed a Linux reinstall because of
> "soft" troubles (except that time when the filesystem went on vacation),
> but there is always that option: partial or full reinstallation, quite
> like in the ol' winbugs days.  But much cleaner and quicker, of course.
> 
> Good luck.  You'll need it ;-)
> 

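The MSS clamp and MTU trouble discussed in the quoted reply, as an added worked example; this is not code posted by either participant in the thread. It assumes the uplink is ppp0 over PPPoE on 1500-byte Ethernet (so the link MTU is 1492, since PPPoE framing takes 8 bytes), it parses a constructed `ip -o link` line rather than a live interface, and the "path MTU" value used offline is invented to show the case where an upstream hop passes smaller packets than the link itself. It derives the MSS and DF-ping sizes from an MTU, decides between `--clamp-mss-to-pmtu` (what the quoted firehol rule does) and a fixed `--set-mss`, and prints the corresponding mangle rule without applying it; the live probe only runs if the hypothetical `PROBE_HOST` variable is set.

```shell
#!/bin/sh
# Added example for this thread, not code from either poster.
# Assumptions: uplink ppp0 over PPPoE on 1500-byte Ethernet (link MTU 1492,
# 8 bytes of PPPoE/PPP framing); the offline path MTU below is constructed.

# Largest TCP MSS for a link MTU: MTU minus IPv4 (20) and TCP (20) headers.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Largest ICMP echo payload that fits an MTU with DF set:
# MTU minus IPv4 (20) and ICMP (8) headers.  This is the value for ping -s.
ping_payload_for_mtu() {
    echo $(( $1 - 28 ))
}

# Extract the MTU from one line of `ip -o link show dev IFACE` output.
parse_link_mtu() {
    printf '%s\n' "$1" | sed -n 's/.* mtu \([0-9][0-9]*\) .*/\1/p'
}

# Choose the TCPMSS target option.  If the path MTU is below the link MTU
# (a tunnel or broken PMTU discovery upstream), pin the MSS explicitly;
# otherwise clamping to the PMTU, as the quoted firehol rule does, suffices.
clamp_target() {
    link_mtu=$1; path_mtu=$2
    if [ "$path_mtu" -lt "$link_mtu" ]; then
        echo "--set-mss $(mss_for_mtu "$path_mtu")"
    else
        echo "--clamp-mss-to-pmtu"
    fi
}

# Print (do not run) the single mangle rule that rewrites the MSS of TCP
# SYNs leaving the uplink; --tcp-flags SYN,RST SYN matches SYN-only packets.
mss_clamp_rule() {
    echo "iptables -t mangle -A FORWARD -o $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $2"
}

# Find the largest MTU whose DF-marked ping reaches HOST, stepping down in
# 8-byte steps from the link MTU.  Needs a live link, so it is only used
# when PROBE_HOST (hypothetical) is set.  Falls back to the IPv4 minimum.
probe_path_mtu() {
    host=$1; mtu=$2
    while [ "$mtu" -gt 576 ]; do
        if ping -c 1 -W 2 -M do -s "$(ping_payload_for_mtu "$mtu")" "$host" >/dev/null 2>&1; then
            echo "$mtu"; return 0
        fi
        mtu=$(( mtu - 8 ))
    done
    echo 576
}

# Offline demonstration on a constructed `ip -o link` line for a PPPoE uplink.
SAMPLE_LINK='5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3\    link/ppp '
link_mtu=$(parse_link_mtu "$SAMPLE_LINK")

if [ -n "${PROBE_HOST:-}" ]; then
    path_mtu=$(probe_path_mtu "$PROBE_HOST" "$link_mtu")
else
    path_mtu=1452   # constructed: pretend an upstream hop only passes 1452-byte packets
fi

echo "link MTU $link_mtu, path MTU $path_mtu, max MSS $(mss_for_mtu "$path_mtu")"
mss_clamp_rule ppp0 "$(clamp_target "$link_mtu" "$path_mtu")"
```

Run it with `PROBE_HOST=<some reachable host> sh mtu-check.sh` on the router to replace the constructed path MTU with a measured one; if the printed rule uses `--set-mss`, something between the router and that host is smaller than the PPPoE link, and a second clamp (pppd's own, the firehol one, or both) is worth removing so only one of them rewrites the SYN.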