Re: NAT help?
From: Alexander Dalloz (ad+lists_at_uni-x.org)
Date: 09/19/05
- Previous message: Milo Sasinka: "RE: Xorg-x11 Problem is trashing my machine as well;"
- In reply to: William John Murray: "Re: NAT help?"
- Next in thread: William John Murray: "Re: NAT help?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: For users of Fedora Core releases <fedora-list@redhat.com> Date: Mon, 19 Sep 2005 14:47:02 +0200
Am Mo, den 19.09.2005 schrieb William John Murray um 11:15:
> Thank you Alexander,
> I like your answer, because I also have MTU prolems with a
> tunnel...but it doesn't seem to work. I reduced the rules to:
>
> iptables -F; iptables -t nat -F; iptables -t mangle -F
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> and it didn't help.
>
> I realised my previous ack, syn etc were to do with using the wrong
> sitename first. If I enter http://linuxtoday.com/ then almost nothing
> happens inside the NAT domain. I am not sure what packets to look for.
> The router itself does DNS lookup of the site first; maybe I really have
> a DNS problem, because I don't see that from inside? Or maybe it is just
> cached by NetworkManager ... I don't really know where to look.
> Bill
If you think the problem is at least partly DNS related, then test
following:
$ host linuxtoday.com
linuxtoday.com has address 63.236.73.20
Does the "host" command work both on the NAT gateway as well on NATed
clients? If yes, then DNS is working properly. If not (gateway works,
client not), then check the network settings on the client side. The
client has to know about DNS servers. That may be either those of your
ISP or if you run an own one on your NAT gateway (caching-nameserver for
example) it can be that one. Do a cross check by entering
in your borwser. You will have to see the linuxtoday.com page. If not,
then the problem is somewhere else. You said you have MTU problems? If
you are aDSL connected that is a more or less common problem. If unsure
about the correct MTU size please ask your ISP. And running a NAT
gateway it makes it necessary to lower the MSS. iptables has commands
for that: keyword is "mss clamping":
http://iptables-tutorial.frozentux.net/chunkyhtml/x4700.html
On the other hand you can alternatively instruct the rp-pppoe to do
that.
CLAMPMSS=1452
in ifcfg-ppp0 will cause rp-pppoe to set the MSS to 1452. This is 40
bytes less than the MTU (max. PPPoE MTU size is 1492 - some ISPs run a
setup which requires a smaller value of MTU and MSS). If the other side
(target websites i.e.) have a nasty setup which prevents full PMTU
detection, then a wrong setup on your side can cause what you face. Many
pages are accessible, others not. Hope that helps a bit.
Alexander
-- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 14:33:00 up 19:43, 18 users, 0.04, 0.73, 1.46
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
- application/pgp-signature attachment: Dies ist ein digital signierter Nachrichtenteil
- Previous message: Milo Sasinka: "RE: Xorg-x11 Problem is trashing my machine as well;"
- In reply to: William John Murray: "Re: NAT help?"
- Next in thread: William John Murray: "Re: NAT help?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
