Andrei Popescu 01-03-2010 07:30 AM

Masquerading problems: squeeze via lenny
 
Hi everybody,

I'm banging my head against the wall with this one and could appreciate
some hints. Here is the setup:

- the gateway box is running lenny and is connected to the internet via
eth0 using PPPoE and using shorewall(-perl) to set up a simple
firewall and IP forwarding to a 192.168.xx.xx/24 on eth1. It also has
dnsmasq for DNS caching and DHCP.

- the client box is running squeeze (up-to-date) and is connected via
eth0 to eth1 of the lenny box and is now on static IP.

The problem is that some websites work flawlessly from the squeeze box
and some stall. The same sites are ok from the lenny box. Here are
example sessions with wget:

$ wget www.google.com
--2010-01-03 10:18:58-- http://www.google.com/
Resolving www.google.com... 74.125.87.104, 74.125.87.147, 74.125.87.103, ...
Connecting to www.google.com|74.125.87.104|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.google.ro/ [following]
--2010-01-03 10:18:58-- http://www.google.ro/
Resolving www.google.ro... 74.125.87.104, 74.125.87.147, 74.125.87.103, ...
Reusing existing connection to www.google.com:80.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: “index.html”

[ <=> ] 6,630 --.-K/s in 0.001s

2010-01-03 10:18:58 (4.33 MB/s) - “index.html” saved [6630]

$ wget www.livecdlist.com
--2010-01-03 10:19:49-- http://www.livecdlist.com/
Resolving www.livecdlist.com... 74.81.93.114
Connecting to www.livecdlist.com|74.81.93.114|:80... connected.
HTTP request sent, awaiting response...

...and it never completes.

I have no idea what to try so any hints are welcome.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic

Osamu Aoki 01-03-2010 08:10 AM

On Sun, Jan 03, 2010 at 10:30:18AM +0200, Andrei Popescu wrote:
> Hi everybody,
> The problem is that some websites work flawlessly from the squeeze box
> and some stall. The same sites are ok from the lenny box. Here are
> example sessions with wget:

Have you tried running lenny box inside your run? (Not the one as
gateway.)

Have you checked IPV6 issues discussed recently on debian-devel?

Osamu


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Stan Hoeppner 01-03-2010 08:22 AM

Andrei Popescu put forth on 1/3/2010 2:30 AM:

> I have no idea what to try so any hints are welcome.

Try looking at your logs. This is exactly why logs exist, for troubleshooting.
Start with the Lenny host's log files such as syslog and messages and any/all
custom log files you or your firewall config have established.

--
Stan



Andrei Popescu 01-03-2010 09:14 AM

On Sun,03.Jan.10, 18:10:48, Osamu Aoki wrote:
> On Sun, Jan 03, 2010 at 10:30:18AM +0200, Andrei Popescu wrote:
> > Hi everybody,
> > The problem is that some websites work flawlessly from the squeeze box
> > and some stall. The same sites are ok from the lenny box. Here are
> > example sessions with wget:
>
> Have you tried running lenny box inside your run? (Not the one as
> gateway.)

That would be a bit complicated, but maybe I can try a lenny live-cd
later on the squeeze box.

> Have you checked IPV6 issues discussed recently on debian-devel?

I just tried commenting out

net.ipv6.bindv6only = 1

in /etc/sysctl.d/bindv6only.conf but no change. The Lenny box also has
IPV6_DISABLED=yes set in shorewall.conf

Regards,
Andrei

Andrei Popescu 01-03-2010 09:16 AM

On Sun,03.Jan.10, 03:22:29, Stan Hoeppner wrote:
> Andrei Popescu put forth on 1/3/2010 2:30 AM:
>
> > I have no idea what to try so any hints are welcome.
>
> Try looking at your logs. This is exactly why logs exist, for troubleshooting.
> Start with the Lenny host's log files such as syslog and messages and any/all
> custom log files you or your firewall config have established.

I've set all policies to log, but there is nothing interesting I can
spot. Just the initial connection (which looks ok to me) and then
nothing...

Regards,
Andrei

Marc Schröder 01-03-2010 10:03 AM

I think your problem is MTU fragmentation.

Try the following on the squeeze as root:

ifconfig eth0 mtu 1300


and try that wget again


marc


On Sunday 03 January 2010 09:30:18 Andrei Popescu wrote:
> Hi everybody,
>
> I'm banging my head against the wall with this one and could appreciate
> some hints. Here is the setup:
>
> - the gateway box is running lenny and is connected to the internet via
> eth0 using PPPoE and using shorewall(-perl) to set up a simple
> firewall and IP forwarding to a 192.168.xx.xx/24 on eth1. It also has
> dnsmasq for DNS caching and DHCP.
>
> - the client box is running squeeze (up-to-date) and is connected via
> eth0 to eth1 of the lenny box and is now on static IP.
>
> The problem is that some websites work flawlessly from the squeeze box
> and some stall. The same sites are ok from the lenny box. Here are
> example sessions with wget:
>
> $ wget www.google.com
> --2010-01-03 10:18:58-- http://www.google.com/
> Resolving www.google.com... 74.125.87.104, 74.125.87.147, 74.125.87.103, ...
> Connecting to www.google.com|74.125.87.104|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location: http://www.google.ro/ [following]
> --2010-01-03 10:18:58-- http://www.google.ro/
> Resolving www.google.ro... 74.125.87.104, 74.125.87.147, 74.125.87.103, ...
> Reusing existing connection to www.google.com:80.
> HTTP request sent, awaiting response... 200 OK
> Length: unspecified [text/html]
> Saving to: “index.html”
>
> [ <=> ] 6,630 --.-K/s in 0.001s
>
> 2010-01-03 10:18:58 (4.33 MB/s) - “index.html” saved [6630]
>
> $ wget www.livecdlist.com
> --2010-01-03 10:19:49-- http://www.livecdlist.com/
> Resolving www.livecdlist.com... 74.81.93.114
> Connecting to www.livecdlist.com|74.81.93.114|:80... connected.
> HTTP request sent, awaiting response...
>
> ...and it never completes.
>
> I have no idea what to try so any hints are welcome.
>
> Regards,
> Andrei
>



Osamu Aoki 01-03-2010 11:02 AM

On Sun, Jan 03, 2010 at 12:03:34PM +0100, Marc Schröder wrote:
> I think your problem is MTU fragmentation.
>
> Try the following on the squeeze as root:
>
> ifconfig eth0 mtu 1300
>
> and try that wget again
> marc

yah... behind choking pppoe connection ...

You can add

iface eth0 inet dhcp
    hostname "mymachine"
    pre-up /sbin/ifconfig $IFACE mtu 1454

in your /etc/network/interfaces of lan machine.

See how to check path MTU etc. as:
http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_finding_optimal_mtu

(I used to have pppoe connection too.)

Osamu



Marc Schröder 01-03-2010 05:45 PM

It's better to set up a proper MTU size on the gateway. Then all clients behind
will work without extra modifications.

marc

On Sunday 03 January 2010 13:02:54 Osamu Aoki wrote:
> On Sun, Jan 03, 2010 at 12:03:34PM +0100, Marc Schröder wrote:
> > I think your problem is MTU fragmentation.
> >
> > Try the following on the squeeze as root:
> >
> > ifconfig eth0 mtu 1300
> >
> > and try that wget again
> > marc
>
> yah... behind choking pppoe connection ...
>
> You can add
>
> iface eth0 inet dhcp
>     hostname "mymachine"
>     pre-up /sbin/ifconfig $IFACE mtu 1454
>
> in your /etc/network/interfaces of lan machine.
>
> See how to check path MTU etc. as:
>
> http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_finding_optimal_mtu
>
> (I used to have pppoe connection too.)
>
> Osamu
>



Osamu Aoki 01-04-2010 06:32 AM

Hi,

On Sun, Jan 03, 2010 at 07:45:07PM +0100, Marc Schröder wrote:
> It's better to set up a proper MTU size on the gateway. Then all
> clients behind will work without extra modifications.

Yes, if the problem is caused by a gateway you control, this is the root
cause fix.

This is done, as I understand, via iptables. Read manpage of iptables
under TCPMSS. It is described there.

Osamu
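
The TCPMSS approach mentioned above, as an added example that is not part of the original thread: the functions find the path MTU with Don't Fragment pings and print the matching iptables TCPMSS rule for the gateway. The probe host and the 548-byte lower search bound are assumptions, and nothing is applied to the firewall.

```shell
#!/bin/sh
# Added example: measure the path MTU, then print (not apply) the
# MSS-clamping rule for the masquerading gateway.

# probe SIZE HOST: succeed if an ICMP echo carrying SIZE payload bytes with
# the Don't Fragment bit set is answered (Linux iputils ping).
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_pmtu HOST: binary-search the largest payload that gets through and
# report it as an IP MTU (payload + 20 bytes IPv4 + 8 bytes ICMP header).
find_pmtu() {
    host=$1
    lo=548      # assumed lower bound: a 576-byte datagram minus 28
    hi=1472     # 1500-byte Ethernet MTU minus 28
    probe "$lo" "$host" || { echo "no reply from $host" >&2; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo $(( lo + 28 ))
}

# mss_for_mtu MTU: largest TCP segment that fits (MTU - 20 IPv4 - 20 TCP).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# clamp_rule [MTU]: print the rule that rewrites the MSS option in forwarded
# SYN packets. With an MTU it pins a fixed value; without one it lets the
# kernel derive the value from the outgoing route's MTU.
clamp_rule() {
    if [ -n "$1" ]; then
        target="--set-mss $(mss_for_mtu "$1")"
    else
        target="--clamp-mss-to-pmtu"
    fi
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $target"
}

# By hand on the gateway (HOST is a placeholder for a reachable host):
#   clamp_rule "$(find_pmtu HOST)"
```

With Shorewall, as used on the gateway in this thread, the CLAMPMSS setting in shorewall.conf generates the same kind of rule.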



Andrei Popescu 01-04-2010 09:19 PM

On Mon,04.Jan.10, 16:32:42, Osamu Aoki wrote:
> Hi,
>
> On Sun, Jan 03, 2010 at 07:45:07PM +0100, Marc Schröder wrote:
> > It's better to set up a proper MTU size on the gateway. Then all
> > clients behind will work without extra modifications.
>
> Yes, if the problem is caused by a gateway you control, this is the root
> cause fix.
>
> This is done, as I understand, via iptables. Read manpage of iptables
> under TCPMSS. It is described there.

I set

mtu 1454

on the gateway in /etc/ppp/peers/provider and ifconfig ppp0 correctly
shows the new setting, but no change. Thanks for the hint though.

Regards,
Andrei