Are you blocking ICMP ?? On 4/13/05, Ryan Belcher <Ryanb@xxxxxxxxxxxx> wrote: > Gentlemen, > > Thank you! That cleared things up perfectly. ppp0 had the MTU set for 1492; however, none of the other interfaces did (including eth1 which I failed to mention was actually the path to ppp0). You are both gentlemen and scholars. > > Thanks again! > > Ryan > > -----Original Message----- > From: Jason Opperisano [mailto:opie@xxxxxxxxxxx] > Sent: Monday, April 11, 2005 6:04 PM > To: netfilter@xxxxxxxxxxxxxxxxxxx > Subject: Re: Strange connection problems. > > On Fri, Apr 08, 2005 at 05:14:09PM -0400, Ryan Belcher wrote: > > Hi All, > > > > Below I've posted my FW config. It's handling 3 interfaces. ppp0, eth0, an ath0. > > It's on Linux kernel version 2.6.10. > > > > Pretty much everything works as I expect except for a strange issue with certain websites while trying to connect from clients within my network. For example, penny-arcade.com, americanexpress.com SSL logins, and a few others. If you want to poke at this configuration, penny-arcade will appear to begin connection but after the SYN, ACK, then HTTP GET sequence, the HTTP response never gets here (according to Ethereal anyways). If I try connecting from the actual firewalling box itself, it works fine. > > > > Does anyone have any ideas? > > sounds like the classic description of an MTU issue. > > -j > > -- > "Tom Tucker: This is Tom Tucker... Tucker's evil twin Todd Tucker > out to destroy his brother's reputation. Now I'm going to go back inside > my motel room where I'm going to have freaky sex with my prostitute > with whom I still have another 45 minutes." > --Family Guy > > -- Mohamed Eldesoky www.eldesoky.net RHCE
