Hi Carlos,

I see you have ppp0. Is it pppoe? If so, check the MTU on the link.

http://www.google.com/search?hl=en&ie=ISO-8859-1&q=pppoe+mtu

Ramin

On Tue, Aug 12, 2003 at 07:28:35AM -0300, Carlos Delfino Carvalho Pinheiro wrote:
> Hi Netfiltersssss
>
> My Name is Carlos Delfino, I'm Braziliannnnnn!!!!
>
> I have one linux box with iptables and have these rules:
>
> # Generated by iptables-save v1.2.8 on Tue Aug 12 06:45:43 2003
> *nat
> :PREROUTING ACCEPT [1927:128320]
> :POSTROUTING ACCEPT [187:14251]
> :OUTPUT ACCEPT [152:9331]
> -A PREROUTING -i ppp0 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.1.200
> -A PREROUTING -i ppp0 -p tcp -m tcp --dport 5800 -j DNAT --to-destination 192.168.1.200
> -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> # Completed on Tue Aug 12 06:45:43 2003
> # Generated by iptables-save v1.2.8 on Tue Aug 12 06:45:43 2003
> *mangle
> :PREROUTING ACCEPT [189955:64457766]
> :INPUT ACCEPT [121895:44059863]
> :FORWARD ACCEPT [67807:20272319]
> :OUTPUT ACCEPT [112104:15205088]
> :POSTROUTING ACCEPT [179911:35477407]
> -A POSTROUTING -o ppp0 -j TTL --ttl-set 128
> -A POSTROUTING -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> COMMIT
> # Completed on Tue Aug 12 06:45:43 2003
> # Generated by iptables-save v1.2.8 on Tue Aug 12 06:45:43 2003
> *filter
> :INPUT ACCEPT [73566:41975072]
> :FORWARD ACCEPT [67807:20272319]
> :OUTPUT ACCEPT [112106:15205496]
> :ACCEPT-LOG - [0:0]
> :REJECT-LOG - [0:0]
> :REJECT-RESET-LOG - [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT
> -A FORWARD -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "OUTPUT packet died: " --log-level debug
> -A OUTPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "OUTPUT packet died: " --log-level debug
> -A ACCEPT-LOG -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LOG --log-prefix "ACCEPT " --log-level debug
> -A ACCEPT-LOG -j ACCEPT
> -A REJECT-LOG -j LOG --log-prefix "REJECTED " --log-level debug
> -A REJECT-LOG -j REJECT --reject-with icmp-port-unreachable
> -A REJECT-RESET-LOG -j LOG --log-prefix "REJECTED WITH RESET " --log-level debug
> -A REJECT-RESET-LOG -p tcp -m tcp -j REJECT --reject-with tcp-reset
> -A RH-Lokkit-0-50-INPUT -s 200.202.193.76 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -s 200.223.0.84 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "INPUT packet died: " --log-level debug
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT-LOG
> -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT-LOG
> -A RH-Lokkit-0-50-INPUT -i ppp0 -p tcp -m tcp --dport 113 -j REJECT-RESET-LOG
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 5900 -j ACCEPT-LOG
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 5800 -j ACCEPT-LOG
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT-LOG
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 -j ACCEPT-LOG
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT-LOG
> -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT-LOG
> COMMIT
> # Completed on Tue Aug 12 06:45:43 2003
>
> my kernel is 2.4.20 more POM.
>
>
> but I not send big E-mails, E-mails greats with 20K.
>
> I use the linux like one firewall for my Windows98 boxxxx!!!
>
> thanks
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~ Carlos Delfino Carvalho Pinheiro
> ~ Computer Networks Specialist
> ~ (85) 9609-5201
> ~ (85) 245-7809
> ~ suporte@xxxxxxxxxxxxxxxxxxxx
> ~ Questions? http://www.carlosdelfino.eti.br/dicas/
> ~~~~~~~~~~~~~~~~~~~~~~~~~~