
iptables + pppd => some sites are not accessible

Status
Not open for further replies.

aleonhardt

May 12, 2003
Hi all,

I have a strange iptables+pppd+website problem .. I developed my own DSL+firewall+VPN router, but I have some problems when accessing some websites (not all!) such as ebay.de/com and others ..

First, I thought it would be the PMTU issue, but adding the appropriate rule didn't solve the problem. Even tcpdumps of the connection to such a webserver didn't give a hint of the problem ..

I've posted my rules at another forum : .. maybe that is helpful, even though it's in German ..

Hope anybody has an idea ..

Many thanks,
-Alex
 
Have you tried dissecting the situation to figure out which piece of the equation is the offending party?

Firewall rules (I didn't look at yours) generally do not create a "sometimes" connectivity problem. They are very black-or-white unless you've written a LOT of IP-SPECIFIC or string matching patterns into your rules.

That said, I'd suggest stripping your IPTables down to the barest level or running with none at all to make sure that you don't have a DNS, latency, routing, or physical wiring problem. Convince yourself that everything works fine at the simplest level of the solution before you make it more complex.

My $0.02USD ~ 0.02 Euros

 
Hi,

Using a clean / plain ruleset is quite difficult as I use the router with an ISP failover. If some rules are not available or at the wrong place, I will always get an ISDN dial-up .. but I will try to simplify the rules as much as possible and then try to add one rule after another - only if it's working without the current rules ..

Thanks!
-Alex
 
hi,

unfortunately yes .. I have several requirements to write my own firewall rules ...

-alex
 
SOLVED !!!

The problem source wasn't an iptables rule or the PMTU .. I guess the pppd or pppoe-plugin is buggy ..

What did I do ?

I commented out the entries for "mru" and "mtu" in the ppp config file I use and restarted pppd .. that's all !!

-Alex
 
PPPoE requires certain, smaller MTU sizes. 1394 comes to mind.

My guess is that the pppd/pppoed daemon "knew" to change that setting and you were conflicting with/overriding the setting in your script?

 
Hi,

No, I use T-DSL 1000 from German Telekom and the standard setting (here in Germany) is an MTU size of 1492, and I used that. I also tried 1400 but it didn't have any effect. Only after commenting out those settings (MTU + MRU) were all connections successful.

-Alex
 