On Sat, 2010-02-13 at 17:46 +0100, Bojan Sukalo wrote: > Thank You Guido, maybe that's the way to go. > > Regarding the masquerade I tried that also. Icmp is enabled and what > bothers me most it works even from inside to internet. (I can ping > www.google.com from inside - see the first post in thread). Oh yes, I did forget that. > I 'll try to install newer version of iptables. I hope that > dependencies won't bother me. Try building it from scratch. > If I install newer version of iptables do I have to upgrade kernel or > I can just try and see whether the first update (only iptables) will > give results? The kernel is not that old. Most probably you won't necessarily need to upgrade the kernel as it is 2.6.x. You can try building and installing the latest iptables (version 1.4.6) and only after that a new kernel (latest version is 2.6.32.8). But before doing that, I would suggest you first try another ISP using a dial-up connection to understand whether the TCP MSS diagnosis is correct or not. Good luck. Guido -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
