Djebran Lezzoum
2003-Aug-27 05:28 UTC
[Shorewall-users] [Fwd:] http and smtp connections time out]
Thanks your sujestion unfortunately does not help too have reduce the MTU until all sites loads very slow from MTU 1500 to MTU 200 nothing changed to the sites that do not loaded earliers. best regards. Tom Eastep wrote:> On Tue, 2003-08-26 at 07:14, Djebran Lezzoum wrote: > > >> Thanks your reply! >> >> I am connected to my ISP via ethernet connected to an SHDSL modem >> (COMTREND CT-320). >> Had becoming crazy and tried anything in the doc also CLAMPMSS >> nothing works. >> >> > > > Well, the next thing that I would try is to adjust the MTU of the > internet interface downward until it works. > > -Tom > >Tom Eastep wrote:> On Tue, 2003-08-26 at 04:56, Djebran Lezzoum wrote: > >>I am running red hat 9 with shorewall 1.4.6b-1, >>Have noticed http and smtp connections time out to some hosts I have >>tried >>to change tcp_ecn value but without results - the problem persist. >> >>I am now forced to use ISP smtp server, and ISP http proxy server to >>reach some sites. > > > Is your connection to your ISP through some sort of PPP connection > (PPTP, PPPoE, etc.)? If so, you apparently overlooked the Setup Guide''s > instructions to set CLAMPMSS=Yes in shorewall.conf.
Joshua Banks
2003-Aug-27 07:00 UTC
[Shorewall-users] [Fwd:] http and smtp connections time out]
--- Djebran Lezzoum <dl@log.com.ua> wrote:> Thanks your sujestion unfortunately does not help too > have reduce the MTU until all sites loads very slow from MTU 1500 to MTU > 200 > nothing changed to the sites that do not loaded earliers.Djebran, What kind of connection do you connect to your ISP with? ADSL, DSL, PPOE or PPPdial-up? I thought that you couldn''t get to the internet when the MTU was set to 1500? Of-course sites are going to load slow when your mtu is set to 200. Assuming that you can''t get out to the internet when the MTU is set to 1500 you should try 1492 next. An MTU of 1492 is usually needed if you have a PPPOE connection to the ISP. Without Shorewall installed are you able to get out to the internet without any problems? Meaning if you were to take One machine and and only one machine and hook up to the internet without shorewall installed on that machine would you have the same problems? If you were to take that same PC and only that one PC and install Shorewall do you still have the same problems? Your shorewall logs will show us possibly whats happening. If I were in your shoes I would install tcp dump and or ethereal to see whats happening for sure though. This will be your best friend in this situation and will help isolate the problem in a more timely manner. Joshua Banks __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
Tom Eastep
2003-Aug-27 07:28 UTC
[Shorewall-users] [Fwd:] http and smtp connections time out]
On Wed, 2003-08-27 at 05:24, Djebran Lezzoum wrote:> Thanks your sujestion unfortunately does not help too > have reduce the MTU until all sites loads very slow from MTU 1500 to MTU > 200 > nothing changed to the sites that do not loaded earliers. >Ok. What does a tcpdump of a connection attempt to one of these sites look like? -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Paul Slinski
2003-Aug-27 08:09 UTC
[Shorewall-users] [Fwd:] http and smtp connections time out]
Sounds like DNS resolution problem to me, but I could be wrong. On Wed, 2003-08-27 at 09:59, Joshua Banks wrote:> --- Djebran Lezzoum <dl@log.com.ua> wrote: > > Thanks your sujestion unfortunately does not help too > > have reduce the MTU until all sites loads very slow from MTU 1500 to MTU > > 200 > > nothing changed to the sites that do not loaded earliers. > > Djebran, > > What kind of connection do you connect to your ISP with? ADSL, DSL, PPOE or PPPdial-up? > > I thought that you couldn''t get to the internet when the MTU was set to 1500? Of-course sites are > going to load slow when your mtu is set to 200. Assuming that you can''t get out to the internet > when the MTU is set to 1500 you should try 1492 next. An MTU of 1492 is usually needed if you have > a PPPOE connection to the ISP. > > Without Shorewall installed are you able to get out to the internet without any problems? > > Meaning if you were to take One machine and and only one machine and hook up to the internet > without shorewall installed on that machine would you have the same problems? If you were to take > that same PC and only that one PC and install Shorewall do you still have the same problems? > > Your shorewall logs will show us possibly whats happening. If I were in your shoes I would install > tcp dump and or ethereal to see whats happening for sure though. This will be your best friend in > this situation and will help isolate the problem in a more timely manner. > > Joshua Banks > > __________________________________ > Do you Yahoo!? > The New Yahoo! Search - Faster. Easier. Bingo. > http://search.yahoo.com > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm-- Paul Slinski <pauls@globaliqx.com> Global IQX, Inc.
Tom Eastep
2003-Aug-27 08:15 UTC
[Shorewall-users] [Fwd:] http and smtp connections time out]
On Wed, 2003-08-27 at 08:08, Paul Slinski wrote:> Sounds like DNS resolution problem to me, but I could be wrong. >Might be -- again, if a tcpdump is taken we''ll be able to see what''s going on. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net