Re: Firewall problems
on 13.11.2006 17:31:24 by unknown
Post removed (X-No-Archive: yes)
Gamello
> I've got this firewall configuration on a suse 10.1 distribution:
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
>
> iptables -t nat -A POSTROUTING -o dsl1 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Lan is working correctly.
>
> The problem is that my lan computers behind this firewall can't open
> certain web sites, but other sites are correctly browsed.
> I can't understand the cause even because policies are dropping
> nothing.
You are probably experiencing fragmentation problems. This usually
happens when you're on a DSL uplink, some router between your host and
the server requests packet fragmentation (by sending back the respective
ICMP message), and the message gets dropped somewhere en-route, because
some idiot admin blocks ICMP.

Try this:

  iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN \
    -o dsl1 -j TCPMSS --clamp-mss-to-pmtu

Besides, you do *not* have a firewall here, because you allow each and
every traffic between the networks connected by this router.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
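
Added example (not part of either post): a rule set that combines the two points of the reply above, a default-deny FORWARD policy and the MSS clamp, while still letting ICMP "fragmentation needed" through. dsl1 is the poster's uplink; eth0 as the LAN interface, SSH administration from the LAN, and an initially empty rule set are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. dsl1 is the poster's uplink; eth0 as
# the LAN interface is an assumption. Prints the commands unless APPLY=1.
WAN="${WAN:-dsl1}"
LAN="${LAN:-eth0}"

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

setup_router() {
    # Default-deny: nothing is accepted or forwarded unless a rule allows it.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Loopback, replies to the router's own connections, SSH from the LAN
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$LAN" -p tcp --dport 22 -j ACCEPT  # assumption

    # Path MTU discovery depends on ICMP "fragmentation needed". RELATED
    # already matches it for tracked flows; the explicit rules keep it visible.
    run iptables -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
    run iptables -A FORWARD -p icmp --icmp-type fragmentation-needed -j ACCEPT

    # LAN hosts may open connections outward; only replies come back in.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT

    # NAT and the MSS clamp, both taken from the thread.
    run iptables -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    run iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN \
        -o "$WAN" -j TCPMSS --clamp-mss-to-pmtu

    run sysctl -w net.ipv4.ip_forward=1
}

setup_router
```

Run as is, it only prints the commands for review; APPLY=1 executes them and needs root.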
Hi

I've got this firewall configuration on a suse 10.1 distribution:

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -t nat -A POSTROUTING -o dsl1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Lan is working correctly.

The problem is that my lan computers behind this firewall can't open
certain web sites, but other sites are correctly browsed.
I can't understand the cause even because policies are dropping nothing.

Thanks