Masquerading problems: squeeze via lenny
Hi everybody,
I'm banging my head against the wall with this one and could appreciate some hints. Here is the setup: - the gateway box is running lenny and is connected to the internet via eth0 using PPPoE and using shorewall(-perl) to set up a simple firewall and IP forwarding to a 192.168.xx.xx/24 on eth1. It also has dnsmasq for DNS caching and DHCP. - the client box is running squeeze (up-to-date) and is connected via eth0 to eth1 of the lenny box and is now on static IP. The problem is that some websites work flawlessly from the squeeze box and some stall. The same sites are ok from the lenny box. Here are example sessions with wget: $ wget www.google.com --2010-01-03 10:18:58-- http://www.google.com/ Resolving www.google.com... 74.125.87.104, 74.125.87.147, 74.125.87.103, ... Connecting to www.google.com|74.125.87.104|:80... connected. HTTP request sent, awaiting response... 302 Found Location: http://www.google.ro/ [following] --2010-01-03 10:18:58-- http://www.google.ro/ Resolving www.google.ro... 74.125.87.104, 74.125.87.147, 74.125.87.103, ... Reusing existing connection to www.google.com:80. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: “index.html” [ <=> ] 6,630 --.-K/s in 0.001s 2010-01-03 10:18:58 (4.33 MB/s) - “index.html” saved [6630] $ wget www.livecdlist.com --2010-01-03 10:19:49-- http://www.livecdlist.com/ Resolving www.livecdlist.com... 74.81.93.114 Connecting to www.livecdlist.com|74.81.93.114|:80... connected. HTTP request sent, awaiting response... ...and it never completes. I have no idea what to try so any hints are welcome. Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic |
Masquerading problems: squeeze via lenny
On Sun, Jan 03, 2010 at 10:30:18AM +0200, Andrei Popescu wrote:
> Hi everybody, > The problem is that some websites work flawlessly from the squeeze box > and some stall. The same sites are ok from the lenny box. Here are > example sessions with wget: Have you tried runing lenny box inside your run? (Not the one as gateway.) Have you checked IPV6 issues discussed recently on debian-devel? Osamu -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
Masquerading problems: squeeze via lenny
Andrei Popescu put forth on 1/3/2010 2:30 AM:
> I have no idea what to try so any hints are welcome. Try looking at your logs. This is exactly why logs exist, for troubleshooting. Start with the Lenny host's log files such as syslog and messages and any/all custom log files you or your firewall config have established. -- Stan -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
Masquerading problems: squeeze via lenny
On Sun,03.Jan.10, 18:10:48, Osamu Aoki wrote:
> On Sun, Jan 03, 2010 at 10:30:18AM +0200, Andrei Popescu wrote: > > Hi everybody, > > The problem is that some websites work flawlessly from the squeeze box > > and some stall. The same sites are ok from the lenny box. Here are > > example sessions with wget: > > Have you tried runing lenny box inside your run? (Not the one as > gateway.) That would be a bit complicated, but maybe I can try a lenny live-cd later on the squeeze box. > Have you checked IPV6 issues discussed recently on debian-devel? I just tried commenting out net.ipv6.bindv6only = 1 in /etc/sysctl.d/bindv6only.conf but no change. The Lenny box also has IPV6_DISABLED=yes set in shorewall.conf Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic |
Masquerading problems: squeeze via lenny
On Sun,03.Jan.10, 03:22:29, Stan Hoeppner wrote:
> Andrei Popescu put forth on 1/3/2010 2:30 AM: > > > I have no idea what to try so any hints are welcome. > > Try looking at your logs. This is exactly why logs exist, for troubleshooting. > Start with the Lenny host's log files such as syslog and messages and any/all > custom log files you or your firewall config have established. I've set all policies to log, but there is nothing interesting I can spot. Just the initial connection (which looks ok to me) and then nothing... Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic |
Masquerading problems: squeeze via lenny
i think your problem is mtu fragmentation.
try on the squeeze the following as root: ifconfig eth0 mtu 1300 and try that wget again marc Am Sonntag 03 Januar 2010 09:30:18 schrieb Andrei Popescu: > Hi everybody, > > I'm banging my head against the wall with this one and could appreciate > some hints. Here is the setup: > > - the gateway box is running lenny and is connected to the internet via > eth0 using PPPoE and using shorewall(-perl) to set up a simple > firewall and IP forwarding to a 192.168.xx.xx/24 on eth1. It also has > dnsmasq for DNS caching and DHCP. > > - the client box is running squeeze (up-to-date) and is connected via > eth0 to eth1 of the lenny box and is now on static IP. > > The problem is that some websites work flawlessly from the squeeze box > and some stall. The same sites are ok from the lenny box. Here are > example sessions with wget: > > $ wget www.google.com > --2010-01-03 10:18:58-- http://www.google.com/ > Resolving www.google.com... 74.125.87.104, 74.125.87.147, 74.125.87.103, > ... Connecting to www.google.com|74.125.87.104|:80... connected. > HTTP request sent, awaiting response... 302 Found > Location: http://www.google.ro/ [following] > --2010-01-03 10:18:58-- http://www.google.ro/ > Resolving www.google.ro... 74.125.87.104, 74.125.87.147, 74.125.87.103, ... > Reusing existing connection to www.google.com:80. > HTTP request sent, awaiting response... 200 OK > Length: unspecified [text/html] > Saving to: “index.html” > > [ <=> > ] 6,630 --.-K/s in 0.001s > > 2010-01-03 10:18:58 (4.33 MB/s) - “index.html” saved [6630] > > $ wget www.livecdlist.com > --2010-01-03 10:19:49-- http://www.livecdlist.com/ > Resolving www.livecdlist.com... 74.81.93.114 > Connecting to www.livecdlist.com|74.81.93.114|:80... connected. > HTTP request sent, awaiting response... > > ...and it never completes. > > I have no idea what to try so any hints are welcome. > > Regards, > Andrei > -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
Masquerading problems: squeeze via lenny
On Sun, Jan 03, 2010 at 12:03:34PM +0100, Marc Schrder wrote:
> i think your problem is mtu fragmentation. > > try on the squeeze the following as root: > > ifconfig eth0 mtu 1300 > > and try that wget again > marc yah... behing choking pppoe connection ... You can add iface eth0 inet dhcp hostname "mymachine" pre-up /sbin/ifconfig $IFACE mtu 1454 in your /etc/network/interfaces of lan machine. See how to check path MTU etc. as: http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_finding_optimal_mtu (I used to have pppoe connection too.) Osamu -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
Masquerading problems: squeeze via lenny
its better to setup a propper mtu size on the gateway. then all clients behind
will work without extra modifications. marc Am Sonntag 03 Januar 2010 13:02:54 schrieb Osamu Aoki: > On Sun, Jan 03, 2010 at 12:03:34PM +0100, Marc Schrder wrote: > > i think your problem is mtu fragmentation. > > > > try on the squeeze the following as root: > > > > ifconfig eth0 mtu 1300 > > > > and try that wget again > > marc > > yah... behing choking pppoe connection ... > > You can add > > iface eth0 inet dhcp > hostname "mymachine" > pre-up /sbin/ifconfig $IFACE mtu 1454 > > in your /etc/network/interfaces of lan machine. > > See how to check path MTU etc. as: > > http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_finding_o > ptimal_mtu > > (I used to have pppoe connection too.) > > Osamu > -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
Masquerading problems: squeeze via lenny
Hi,
On Sun, Jan 03, 2010 at 07:45:07PM +0100, Marc Schrder wrote: > its better to setup a propper mtu size on the gateway. then all > clients behind will work without extra modifications. Yes, if the problem is caused by a gateway you control, this is the root cause fix. This is done, as I understand, via iptables. Read manpage of iptable under TCPMSS. It is described there. Osamu -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
Masquerading problems: squeeze via lenny
On Mon,04.Jan.10, 16:32:42, Osamu Aoki wrote:
> Hi, > > On Sun, Jan 03, 2010 at 07:45:07PM +0100, Marc Schrder wrote: > > its better to setup a propper mtu size on the gateway. then all > > clients behind will work without extra modifications. > > Yes, if the problem is caused by a gateway you control, this is the root > cause fix. > > This is done, as I understand, via iptables. Read manpage of iptable > under TCPMSS. It is described there. I set mtu 1454 on the gateway in /etc/ppp/peers/provider and ifconfig ppp0 correctly shows the new setting, but no change. Thanks for the hint though. Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic |
| All times are GMT. The time now is 09:57 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.