[vox-tech] HTTP Routing Strangeness - SOLVED

Chris Jenks jenks at resonance.org
Tue Jul 26 13:48:22 PDT 2005


On Mon, 25 Jul 2005, Rod Roark wrote:

> On Monday 25 July 2005 03:22 pm, Chris Jenks wrote:
>>    Setting the iptables rules starts with:
>>
>> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
>> iptables -P INPUT DROP
>> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
>
> Seems like this would drop all your incoming UDP packets, e.g.
> responses to DNS queries.  Regardless, try starting with the
> simplest possible firewall with NAT and add things a little at
> a time until you find something that breaks it.
>
> -- Rod

   I remembered that I had to adjust the MTU from 1500 to 1492 on the
router when I set up PPPoE on it, and when I read about MTU again, I
realized that I also needed to adjust it on the host machines behind the
firewall. When I lowered the setting on one of the hosts from 1500
to 1412, I could download mail.yahoo.com/index.html.

   Yours,

     Chris

