IP forwarding on router box no longer working after lenny upgrade; can ping but not get http request from outside hosts

I have a simple home router setup. The router runs Debian Lenny; the client runs Ubuntu. The router has two NICs; one connects to the ISP, the other to an internal switch.

The router box has no network issues with the Internet. I can ping, surf websites, etc.

The client box has no problems talking to the router. I can ssh to the router, mount NFS shares, etc.

Before the Lenny upgrade, the router box was forwarding Internet traffic from the client to the Internet without trouble.

After the Lenny upgrade, I can no longer make any connection from the client to the Internet that transmits more than a few bytes. I can ping from the client, do DNS lookups, and even get a short error message from an external website by telnetting from the client to port 80 on the external website and sending an invalid request. If I send a *valid* request, however (e.g. GET /index.html HTTP/1.0), I get no response. The connection just times out.

/proc/net/ip_conntrack shows all the relevant connections in CLOSE_WAIT or TIME_WAIT status.

sysctl is properly configured:

net.ipv4.conf.all.forwarding = 1

I have ip_masquerading enabled.

I don't think this is a problem with the forwarding setup, since I am able to ping and make an initial HTTP connection. It's only when more than a few bytes are supposed to come back that it times out.

Finally, just as an experiment, I tried reducing the MTU packet size on the client, but it made no difference.

Nothing relevant appears in syslog or kernel logs. I tried logging packets in invalid state; no luck.

Any suggestions on how to fix or further troubleshoot this?
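Added here as an example, not part of the original post: a small Python helper for reading the /proc/net/ip_conntrack table mentioned above, so the CLOSE_WAIT/TIME_WAIT pile-up can be summarised and the masqueraded port-80 flows that ended after only a few reply bytes can be listed. The sample table, addresses and counters are constructed; the "stalled flow" rule is a heuristic assumption, and byte counters only appear when conntrack accounting is enabled on the kernel.

```python
from collections import Counter

# Constructed sample in /proc/net/ip_conntrack format (2.6-era kernels); all values are made up.
SAMPLE = """\
tcp      6 117 TIME_WAIT src=192.168.1.2 dst=203.0.113.10 sport=40001 dport=80 packets=4 bytes=220 src=203.0.113.10 dst=198.51.100.7 sport=80 dport=40001 packets=2 bytes=112 [ASSURED] use=1
tcp      6 45 CLOSE_WAIT src=192.168.1.2 dst=203.0.113.20 sport=40002 dport=80 packets=3 bytes=180 src=203.0.113.20 dst=198.51.100.7 sport=80 dport=40002 packets=2 bytes=108 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.1.2 dst=192.168.1.1 sport=40003 dport=22 packets=120 bytes=15000 src=192.168.1.1 dst=192.168.1.2 sport=22 dport=40003 packets=110 bytes=21000 [ASSURED] use=1
udp      17 29 src=192.168.1.2 dst=203.0.113.53 sport=51000 dport=53 packets=1 bytes=60 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=51000 packets=1 bytes=140 use=1
"""
DIR_KEYS = {"src", "dst", "sport", "dport", "packets", "bytes", "type", "code", "id"}

def parse_conntrack(text):
    """Parse ip_conntrack lines into dicts: proto, TCP state, original/reply tuples, flags."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4: continue
        proto, fields, state = tokens[0], tokens[3:], None
        if proto == "tcp": state, fields = fields[0], fields[1:]   # only TCP rows carry a state column
        dirs, flags = [], []
        for tok in fields:
            if tok.startswith("["):            # [ASSURED] / [UNREPLIED]
                flags.append(tok.strip("[]"))
            elif "=" in tok:
                key, val = tok.split("=", 1)
                if key == "src":               # each src= starts a new direction block
                    dirs.append({})
                if key in DIR_KEYS and dirs:   # other keys (mark=, use=) are ignored
                    dirs[-1][key] = val
        entries.append({"proto": proto, "state": state, "flags": flags,
                        "orig": dirs[0] if dirs else {},
                        "reply": dirs[1] if len(dirs) > 1 else {}})
    return entries

def state_summary(entries):
    """Count TCP flows by state to see a pile-up of CLOSE_WAIT/TIME_WAIT at a glance."""
    return Counter(e["state"] for e in entries if e["proto"] == "tcp")

def is_masqueraded(entry):
    """A masqueraded flow's reply is addressed to the router's public IP, not to the client."""
    return bool(entry["reply"]) and entry["reply"].get("dst") != entry["orig"].get("src")

def stalled_web_flows(entries, max_reply_bytes=200):
    """Heuristic (assumption): masqueraded TCP flows to port 80 that ended after the server
    sent only a few bytes, which matches 'short error works, real page times out'."""
    hits = []
    for e in entries:
        if e["proto"] != "tcp" or e["orig"].get("dport") != "80" or not is_masqueraded(e):
            continue
        reply_bytes = int(e["reply"].get("bytes", 0))   # 0 when accounting is off
        if e["state"] in ("CLOSE_WAIT", "TIME_WAIT") and reply_bytes <= max_reply_bytes:
            hits.append((e["orig"]["src"], e["orig"]["dst"], e["state"], reply_bytes))
    return hits
```

On a live router, feed it `open("/proc/net/ip_conntrack").read()` instead of `SAMPLE`; the local ssh flow is skipped because it is not masqueraded.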

