Am Sam, 2003-10-04 um 02.30 schrieb Pete Zieba: > I then do the following: > I reconfig my workstation to use his ISP's nameserver. > I can now ping domains (yahoo, etc.) > I CANNOT get to MOST websites. (msn.com is one of my > few successes) > > *Note that everything works fine if I try to get to > websites using "links" as a browser in the console of > my linux box. It is only machines on my LAN side that > have problems. You might have some problems with the PMTU-Discovery since you probably have several different MTUs on the Path and firewalling in between. Either get the firewalls to allow ICMP-frag-needed through or you might want to try the TCPMSS target to confine TCP-packet to a maximum size, like: -j TCPMSS --set-mss 1300 or -j TCPMSS --clamp-mss-to-pmtu I do not know if 1300 would be the best value but at least it should get the connection working if thats the problem. Cheers, Ralf -- Ralf Spenneberg RHCE, RHCX Book: Intrusion Detection für Linux Server http://www.spenneberg.com IPsec-Howto http://www.ipsec-howto.org Honeynet Project Mirror: http://honeynet.spenneberg.org
