Cannot reach some sites from LAN

giancarlo76 · 02-04-2007, 02:11 PM

An Ubuntu box connects to the Internet through ADSL (pppoe) and acts as a router for a small LAN. Between the router and the other machines there's an access point for wireless connection. Nearly everything works fine, except for the fact I cannot reach some sites from the internal network. I can browse the same sites from the Ubuntu box, but not from the others that are behind it. And, again, only a small list of sites is unreachable.
I tried keeping it as simple as possible, setting the ip forwarding to 1, flushing all of the iptables chains with

Code:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

and then activating masquerading with

Code:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

but with no success.
What else can I do to solve this problem?
Thanks.

Brian1 · 02-04-2007, 02:55 PM

What sites are you trying to see that Ubuntu can and the lan machines cannot?

Brian

giancarlo76 · 02-04-2007, 03:20 PM

http://www.rai.it, for example.
What are you thinking about?

Brian1 · 02-04-2007, 03:39 PM

That is just odd. If the iptables is flushed and simply masquerade setup then I am at a lost. The IP the site is using was not part of the non-used ones. There use to be a group of ips reserved not for use and one can add those to the iptables to block them in the event they were used in packet hacking.

Site comes up fine through my linux router which then goes through a wireless store bought router to get to my notebook.

I am guessing every lan machine cannot connect?
I would contact the manufactor of the wireless router. Check the faqs and docs on their site.

Brian

giancarlo76 · 02-04-2007, 04:16 PM

Yes, every machine but the gateway (the Ubuntu one). It actually seems a gateway's problem, because it comes out even through the wired network. I will try a live distro to see if it's a hardware failure.

Brian1 · 02-05-2007, 05:18 PM

No more ideas as to the reason it does that and no other ideas to try.

Brian

giancarlo76 · 02-05-2007, 06:58 PM

Thanks anyway. I'll post here the results of any other try.

giancarlo76 · 03-14-2007, 10:03 AM

Ok, I solved it.
I first thought about an MTU problem: pppoeconf sets it to 1492 for the ppp0 interface, due to the package size most ISPs adopt. So I set the MTU to 1492 for every interface, instead of the default 1500, but with no result.
What actually did the trick was installing ipmasq. It does all the dirty work of ip forwarding and masquerading.
What I still don't understand is why even a fresh Debian install needs ipmasq to properly forward, expecially if I think that everything worked fine before I opened this post...

vanigh · 03-14-2007, 07:35 PM

I'm a newb, May i ask how did you install ipmasq? did you do it with synaptic or command line?
Your help is appreciated?

giancarlo76 · 03-15-2007, 10:08 AM

It doesn't matter which one you use. Either install it via Synaptic or running

Code:

apt-get install ipmasq

being sure you activate the right repository (universe for Ubuntu).
It's quite straightforward, you don't need to configure it for a basic use.