I have an internet router powered by gentoo+shorewall2.0.7+adsl(pppoe) but my clients (and gateway) can't access some websites----these sites must be okay, other sites are okay. I believe it is caused by MTU or MSS, but I have no idea yet. Btw, the inaccessible sites are dynamic, that is: today I can't access www.oracle.com; the next day I redial (to get another IP) and I can access www.oracle.com. Help!

gateway root # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:B0:D0:69:C0:9F
          inet addr:192.168.1.254  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13290045 errors:0 dropped:0 overruns:1 frame:0
          TX packets:15112526 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:1058662806 (1009.6 Mb)  TX bytes:969620897 (924.7 Mb)
          Interrupt:5 Base address:0xe880

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:53:01:B2
          inet addr:192.168.168.1  Bcast:192.168.168.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14454729 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13063604 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:661069189 (630.4 Mb)  TX bytes:1027129661 (979.5 Mb)
          Interrupt:10 Base address:0xec00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:131511 errors:0 dropped:0 overruns:0 frame:0
          TX packets:131511 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:17614332 (16.7 Mb)  TX bytes:17614332 (16.7 Mb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:61.171.19.96  P-t-P:218.1.1.253  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:4565968 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4417910 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:3295400546 (3142.7 Mb)  TX bytes:2326957224 (2219.1 Mb)

gateway root # iptables -L FORWARD
Chain FORWARD (policy DROP)
target     prot opt source               destination
accounting all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ppp0_fwd   all  --  anywhere             anywhere
eth0_fwd   all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
reject     all  --  anywhere             anywhere

gateway root # route -e
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
218.1.1.253     *               255.255.255.255 UH        0 0          0 ppp0
192.168.168.0   *               255.255.255.0   U         0 0          0 eth1
192.168.1.0     *               255.255.255.0   U         0 0          0 eth0
loopback        localhost       255.0.0.0       UG        0 0          0 lo
default         218.1.1.253     0.0.0.0         UG        0 0          0 ppp0
> I have an internet router powered by gentoo+shorewall2.0.7+adsl(pppoe)
>
> but my clients (and gateway) can't access some websites----these sites
> must be okay, other sites are okay. I believe it is caused by MTU or
> MSS, but I have no idea yet.

This is covered in the Shorewall FAQs. Please look there first as a courtesy before posting. No worries though. Your link is specifically here:

http://www.shorewall.net/FAQ.htm#faq33

You will then need to restart Shorewall for the changes to take effect. In the /etc/shorewall dir, type "shorewall", without the quotes of course, and you will see some nice shorewall usage commands that you can utilize. If you're unsure of anything, look here first:

http://www.shorewall.net/Documentation_Index.html

but more specifically here:

http://www.shorewall.net/starting_and_stopping_shorewall.htm

As a suggestion, you may just want to set everyone up to use an MTU of 1492, to include the ETH interfaces on your Gentoo/Shorewall box and on the clients as well. For Gentoo/Linux it's as simple as:

root@toejam trollskin # ifconfig eth0 mtu 1492
root@toejam trollskin # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:10:4Z:92:H8:7Q
          inet addr:192.168.30.66  Bcast:192.168.30.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:5870 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4522 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7217205 (6.8 Mb)  TX bytes:383451 (374.4 Kb)

For Windows machines you can use Dr.TCP via google or here:

http://www.dslreports.com/drtcp

and two good links (one inside the other) for additional Dr.TCP info:

http://www.dslreports.com/faq/832

and a link to a useful forum if you should decide to use Dr.TCP:

http://www.dslreports.com/forum/tweaks
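The two messages above turn on a single consistency check: every interface that forwards traffic onto the PPPoE link should either carry an MTU no larger than the link's 1492 bytes, or the firewall must clamp the TCP MSS on forwarded SYNs so that full-size segments never have to be fragmented. The small audit script below is an added example, not code from either poster or from the Shorewall project. It parses classic net-tools ifconfig output of the kind quoted in the thread, reports LAN interfaces whose MTU exceeds the WAN interface's, derives the largest IPv4 TCP payload that fits that MTU (MTU minus 20-byte IP and 20-byte TCP headers, options ignored), and checks an iptables FORWARD listing for a TCPMSS clamp-to-PMTU rule. The sample listings are cut down from the ones posted above; the function names and the wan="ppp0" default are this example's own choices.

```python
import re

# Sample input: the gateway's ifconfig output as posted in the thread,
# reduced to the header and MTU lines (constructed for this example).
IFCONFIG_SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:B0:D0:69:C0:9F
          inet addr:192.168.1.254  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth1      Link encap:Ethernet  HWaddr 00:E0:4C:53:01:B2
          inet addr:192.168.168.1  Bcast:192.168.168.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
ppp0      Link encap:Point-to-Point Protocol
          inet addr:61.171.19.96  P-t-P:218.1.1.253  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
"""

# Sample input: the FORWARD chain as posted, first rules only (constructed).
IPTABLES_SAMPLE = """\
Chain FORWARD (policy DROP)
target     prot opt source               destination
accounting all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ppp0_fwd   all  --  anywhere             anywhere
"""

IP_HEADER = 20   # IPv4 header, no options
TCP_HEADER = 20  # TCP header, no options


def parse_ifconfig(text):
    """Return {interface: mtu} from net-tools style ifconfig output.

    An interface block starts with a non-indented line whose first word is
    the interface name; the MTU appears on one of its indented lines.
    """
    mtus = {}
    current = None
    for line in text.splitlines():
        if line and not line[0].isspace():
            current = line.split()[0]
        match = re.search(r"\bMTU:(\d+)", line)
        if match and current:
            mtus[current] = int(match.group(1))
    return mtus


def mss_for_mtu(mtu):
    """Largest TCP payload (MSS) that fits in one unfragmented IPv4 packet."""
    return mtu - IP_HEADER - TCP_HEADER


def has_mss_clamp(iptables_text):
    """True if the listing has a TCPMSS rule clamping SYN segments to the PMTU."""
    return any(
        "TCPMSS" in line and "clamp to PMTU" in line and "SYN" in line
        for line in iptables_text.splitlines()
    )


def audit(ifconfig_text, iptables_text, wan="ppp0"):
    """Compare LAN interface MTUs with the WAN MTU and report the MSS to expect."""
    mtus = parse_ifconfig(ifconfig_text)
    if wan not in mtus:
        raise ValueError(f"WAN interface {wan!r} not found in ifconfig output")
    wan_mtu = mtus[wan]
    findings = []
    for name, mtu in mtus.items():
        if name in (wan, "lo"):
            continue  # the link itself and loopback are not forwarding paths
        if mtu > wan_mtu:
            findings.append(
                f"{name}: MTU {mtu} exceeds {wan} MTU {wan_mtu}; "
                f"set 'ifconfig {name} mtu {wan_mtu}' or rely on MSS clamping"
            )
    return {
        "wan_mtu": wan_mtu,
        "recommended_mss": mss_for_mtu(wan_mtu),
        "mss_clamp_present": has_mss_clamp(iptables_text),
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in audit(IFCONFIG_SAMPLE, IPTABLES_SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the listings posted above, the audit finds the TCPMSS clamp rule already present in the FORWARD chain and flags only eth0 and eth1, whose 1500-byte MTU is 8 bytes larger than the 1492-byte PPPoE link; the MSS it derives for that link is 1452.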