Greg Lopp on Sun, 5 Aug 2001 16:00:07 -0400



Re: [PLUG] IP masquerading problem


On Sat, Aug 04, 2001 at 11:28:41AM -0400, Brian Kirk wrote:
> Hi all,
> I recently set up a debian (2.2.19 potato) firewall/gateway at my friend's
> house, but it's been having problems with the ip masquerading.
> Specifically, when any of the windows machines inside the firewall try to
> get to certain websites, it times out forever (2 example sites are
> www.septa.org and us.hsbc.com).  From the firewall itself, these sites are
> perfectly accessible (via lynx).  I noticed that these two sites seem to
> be denying icmp packets or something, as they're not returning a ping from
> any box.  Is this some sort of ip header problem?  Has anyone ever heard
> of a problem like this?  I'm sketchy on how the ip masquerading works in
> detail, so any help would be much appreciated.

First off, it's fairly common for sites to not return pings these
days, so that's not a good tool for determining the status of a
machine anymore.  Even our beloved slashdot drops them.

Next, the problem probably lies in the ipchains rules that are
set up on the firewall/gateway.  I have a similar system as my
firewall/gateway and both of the sites mentioned come through
just fine (albeit to a linux client).  So...
1) What are your ipchains rules?
2) Anything interesting popping up in /var/log/kern.log when
attempting to reach these sites from the masqed clients?  It
could be that the sites want to use some other ports that you
have closed.
3) Are these sites only problematic for Windows machines behind
the firewall, or is that all that you have to test w/?  
4) Are you setting any proxy stuff in the browser?  Is it a problem
across browsers? 


Greg


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
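
For question 2 in the reply above, an added example (not part of the original message) that summarises ipchains log entries in kern.log showing packets from the masqueraded clients being denied or rejected. It assumes the relevant rules carry the `-l` flag so the kernel logs them, a LAN of 192.168.1.0/24, and the 2.2 kernel "Packet log:" line layout; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Layout the 2.2 kernel writes for a packet matching an ipchains rule with -l:
# Packet log: <chain> <action> <iface> PROTO=<n> <src>:<port> <dst>:<port> ... (#<rule>)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
    r".*?(?:\(#(?P<rule>\d+)\))?\s*$"
)
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}

def blocked_flows(lines, lan_cidr):
    """Count DENY/REJECT entries whose source is a host inside lan_cidr.

    Keys are (chain, protocol, destination, destination port, rule number),
    so the result shows which rule is dropping which client traffic.
    """
    lan = ipaddress.ip_network(lan_cidr)
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["action"] not in ("DENY", "REJECT"):
            continue  # not an ipchains log line, or the packet was let through
        if ipaddress.ip_address(m["src"]) not in lan:
            continue  # not sent by a masqueraded client
        proto = PROTO_NAMES.get(m["proto"], m["proto"])
        hits[(m["chain"], proto, m["dst"], int(m["dport"]), m["rule"])] += 1
    return hits

# Constructed sample lines (addresses, ports and rule numbers are made up).
SAMPLE = [
    "Aug  5 15:58:01 gw kernel: Packet log: input DENY eth1 PROTO=6 192.168.1.10:1045 203.0.113.5:443 L=48 S=0x00 I=4321 F=0x4000 T=128 SYN (#4)",
    "Aug  5 15:58:04 gw kernel: Packet log: input DENY eth1 PROTO=6 192.168.1.10:1045 203.0.113.5:443 L=48 S=0x00 I=4322 F=0x4000 T=128 SYN (#4)",
    "Aug  5 15:58:09 gw kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.1.10:1046 203.0.113.5:80 L=48 S=0x00 I=4330 F=0x4000 T=128 SYN (#2)",
    "Aug  5 15:59:12 gw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 198.51.100.255:137 L=78 S=0x00 I=99 F=0x0000 T=64 (#6)",
    "Aug  5 15:59:30 gw kernel: eth0: link up",
]

if __name__ == "__main__":
    # On the gateway, pass open("/var/log/kern.log") instead of SAMPLE.
    for key, count in blocked_flows(SAMPLE, "192.168.1.0/24").most_common():
        print(count, key)
```

An empty result while a client is timing out means no logging rule matched its packets, which points away from a closed port and toward the other questions in the list.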