Hi folks,

I took the plunge recently to move NAT from my router to my shorewall config, and mostly things are ok. Most traffic moves around without problems but sometimes I am having trouble accessing external webservers from non-gateway internal computers. I have stared at the traffic in wireshark (even 2 wiresharks on different interfaces) but can't see the problem. Nevertheless accessing the same site from the gateway all is well. Importantly, the problem doesn't seem to be with a particular website...

I nominated the subject NAT problem because that is the main thing changed, though of course it could be something else.

Can anyone help with suggestions... config available on request... ?

Regards
Ruth

--
Software Manager & Engineer
Tel: 01223 414180
Blog: http://www.ivimey.org/blog
LinkedIn: http://uk.linkedin.com/in/ruthivimeycook/

On 04/22/2013 07:54 AM, Ruth Ivimey-Cook wrote:
> Hi folks,
>
> I took the plunge recently to move NAT from my router to my shorewall
> config, and mostly things are ok. Most traffic moves around without
> problems but sometimes I am having trouble accessing external webservers
> from non-gateway internal computers. I have stared at the traffic in
> wireshark (even 2 wiresharks on different interfaces) but can't see the
> problem. Nevertheless accessing the same site from the gateway all is
> well. Importantly, the problem doesn't seem to be with a particular
> website...
>
> I nominated the subject NAT problem because that is the main thing
> changed, though of course it could be something else.
>
> Can anyone help with suggestions... config available on request... ?

Have you tried CLAMPMSS=Yes in shorewall.conf?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom
> Ruth Ivimey-Cook wrote:
>> Can anyone help with suggestions... config available on request... ?
> Have you tried CLAMPMSS=Yes in shorewall.conf?

I hadn't, tried it and it improved things straight away.... thanks :)

Sorry I missed it!

Many thanks
Ruth
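
CLAMPMSS=Yes has the firewall rewrite the MSS option in forwarded TCP SYN packets to fit the path MTU, so measuring that MTU from an internal host is one way to confirm that a path smaller than 1500 bytes is behind symptoms like these. The script below is an added example, not part of the thread; the function names and the 576 to 1500 byte search range are assumptions, and `probe_fake_1492` is a constructed stand-in so the search can run offline.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest IPv4 packet that
# crosses a path unfragmented, and the TCP MSS that fits inside it.

# Default probe: one ICMP echo with Don't Fragment set (Linux iputils ping).
# $1 = host, $2 = ICMP payload size in bytes. Returns 0 if a reply came back.
probe_ping() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Binary-search the path MTU between 576 and 1500 bytes.
# $1 = host, $2 = probe function (optional, defaults to probe_ping).
# Prints the MTU; returns 1 if even the smallest probe gets no reply
# (for example because the host does not answer ping at all).
path_mtu() {
    host=$1
    probe=${2:-probe_ping}
    lo=576
    hi=1500
    # ICMP payload = MTU - 20 (IPv4 header) - 8 (ICMP header)
    "$probe" "$host" $((lo - 28)) || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" $((mid - 28)); then
            lo=$mid            # this size got through, try larger
        else
            hi=$((mid - 1))    # dropped or too big, try smaller
        fi
    done
    echo "$lo"
}

# Largest TCP MSS for an IPv4 MTU: MTU - 20 (IPv4) - 20 (TCP, no options).
mss_for_mtu() { echo $(( $1 - 40 )); }

# Constructed stand-in for a path with a 1492-byte MTU: it "replies" only
# when payload + 28 header bytes fit in 1492.
probe_fake_1492() { [ $(( $2 + 28 )) -le 1492 ]; }

# Real use, from a machine behind the gateway (www.example.org is a placeholder):
#   mtu=$(path_mtu www.example.org) && echo "MTU $mtu, MSS $(mss_for_mtu "$mtu")"
```

A result below 1500 from an internal host means full-size segments negotiated by that host will not fit the path, which is the case MSS clamping on the firewall covers.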