Probably you're encoutering the Path MTU Discovery problem. There are serveral solutions to this problem.
1. Lower the MTU of the network interface of your internal host.
2. Use the clamp-mss-to-pmtu feature of iptables: # iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \ --clamp-mss-to-pmtu
Thank you. I used this rule to solved the problem.
You are welcome. Actually, the three methods are not really solutions; they are workarounds. The real solution is to fix the broken firewalls on the Internet, which incorrectly block vital ICMP traffic.
-- Wenzhuo Zhang <wenzhuo@xxxxxxxxxx> GnuPG Key ID 0xBA586A68 Key fpr: 89C7 C6DE D956 F978 3F12 A8AF 5847 F840 BA58 6A68
