Re: Major NAT Problem


 



This is an MTU problem.

Linksys for sure is announcing a tcpmss adjust at 1450 bytes or less.

You have 2 options:

1- disable pmtud in the lan boxes and decrease the mtu (begin with 1490 and
no more of 1400) and test it.
2- make Linux announce an mss of 1450 (commonly mtu-20)

(let me know if you need the theory applied to it)


pmtud sends packets with DF=1 and expects icmp messages announcing to reduce
the mtu, then pmtud decreases the mtu over and over again (always with
df=1) until the icmp announcements don't arrive anymore. Then it assumes that
this is the correct mtu and sends all packets with this mtu.

If you can generate these mss icmp packets, it's enough and it will work ok;
if you don't, you must decrease the mtu of the lan interfaces (all of them).

hope it helps




----- Original Message ----- 
From: "Ted Erickson" <tederickson7582@xxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, February 05, 2004 11:54 PM
Subject: Major NAT Problem


> I am somewhat new to IPTables but not to linux.  I have a major problem.
> Some background first... I have a PPoA SDSL connection with Qwest running
> at 640k/up/down.  I have a static block of 8 addresses.....I have a
> connection from the DSL modem to eth0 on my Redhat 9.0 box and I have my
> local network plugged into eth1.  The only thing running on the linux box
> is IPTables, nothing else.  I turned on echo 1 > /proc/sys/net/ipv4/ip_forward
> and enabled MASQ in several different ways..... no problem.  I can surf the
> internet just fine on my local network machine but I have ONE BIG PROBLEM!!!
> I can't view a handful of websites.  If I take the linux box out of the
> picture and throw a cheap Linksys Router on the same DSL connection I can
> see all the web sites I want.  IPTables is blocking something but I don't
> know what? I can't find any info on the web with this problem.  I need to
> fix this ASAP or I will have to go with something else, but I want to stay
> with linux.
>
> theo
>
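
Option 2 from the reply (have the Linux box announce a smaller MSS), as an added example that is not part of either message in this thread. It assumes eth0 is the DSL-facing interface as in the original post, uses the 1450 value from the reply, and the `WAN_IF`, `MSS` and `APPLY` variables and the 536..1460 sanity range are choices made for this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: eth0 is the DSL-facing
# interface (as in the original post); 1450 is the MSS suggested in the reply;
# the 536..1460 sanity range assumes IPv4 over Ethernet.
WAN_IF="${WAN_IF:-eth0}"
MSS="${MSS:-1450}"

# Accept "pmtu" (derive the MSS from the path MTU) or a plausible numeric MSS.
valid_mss() {
    case "$1" in
        pmtu) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 536 ] && [ "$1" -le 1460 ]
}

# Print the rules rather than running them, so they can be reviewed first.
mss_rules() {
    wan="$1"; mss="$2"
    valid_mss "$mss" || { echo "invalid MSS: $mss" >&2; return 1; }
    if [ "$mss" = pmtu ]; then action="--clamp-mss-to-pmtu"
    else action="--set-mss $mss"; fi
    # Rewrite the MSS option on forwarded SYN packets only.
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $action"
    # Let ICMP "fragmentation needed" in from the WAN so PMTUD on LAN hosts works.
    echo "iptables -A FORWARD -i $wan -p icmp --icmp-type fragmentation-needed -j ACCEPT"
}

# Dry run by default; APPLY=1 (as root) executes each rule.
apply_rules() {
    rules=$(mss_rules "$1" "$2") || return 1
    echo "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule || exit 1; else echo "+ $rule"; fi
    done
}

apply_rules "$WAN_IF" "$MSS"
```

Rules added with `-A` land at the end of the chain, so an earlier DROP in FORWARD can still discard the ICMP messages; check the order with `iptables -L FORWARD -n --line-numbers` after applying.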



