Sorry to barge in here but I notice that your --clamp-mss-to-pmtu arguments are in both the *nat and *filter tables, where IIRC they do not work correctly (perhaps don't belong there), but it should be in the *mangle table.
This may have nothing at all to do with your current problem, but I wanted to point it out just in case.
Yes, you understand me correctly, but I'm not 100% on this, and as mentioned, it may well NOT be the root of your problem anyhow -- I just mentioned it because I noticed it, and had been reading about it lately.
My firewall also puts --clamp-mss-to-pmtu in the filter chain, but during research on the net about it (I got sidetracked!) I came across several mailing list threads regarding IPtables; one of them is here: https://dev.openwrt.org/ticket/5890 which claims that clamping didn't actually do what it was supposed to in that case, when in the *filter chain, but when moved to the *mangle chain it performed correctly.
I am still reading, and haven't yet decided if I will adjust my own firewall in this area, because I don't use the clamping anyhow, but when someone *else* uses my firewall, I want this to be correct.
Input from more experienced users on this subject would be good too.
And yes, it's a good time of year to be here. I took any excuse I could today to go outside to take a walk.
Sorry to not be more help, I'll keep looking as time permits, given you're still shut down.
NiceLittleRabbit, have you tried temporarily allowing all outbound traffic to confirm that the problem is in your iptables outbound rules?
Sometimes these problems can be more elementary than you expect... that might be an easy debugging check.
I've been trying to catch up on this and not quite there, but to browse the web from the server you have to accept NEW on OUTPUT for http. When you fire up your browser on the server and you go to say google.com that is a NEW connection on output to port 80.
You do have some logging going on so the obvious question is did you check the logs for port 80 drops? You can always add logging targets to your CHECK_OUTPUT_TRAFFIC and OUTPUT chains so that the drops will be logged. With a good description in the log-prefix you should be able to narrow down what chain is dropping the traffic.
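One way to carry out the logging check suggested in the last post, as an added example that is not from any poster in this thread: LOG rules with a distinct prefix per chain, and a summary of which prefix is catching new outbound port 80 connections. Only the chain name CHECK_OUTPUT_TRAFFIC comes from the thread; the prefixes, host name, interface and addresses are constructed.

```shell
#!/bin/sh
# Added example. Prefixes, interface and addresses are constructed;
# only the chain name CHECK_OUTPUT_TRAFFIC comes from the thread.

# Rules in iptables-restore syntax, printed as text so the script needs no root.
print_rules() {
cat <<'EOF'
# the rule the last post says browsing from the server requires
-A OUTPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# temporary LOG rules: place each directly before the point where its chain drops
-A CHECK_OUTPUT_TRAFFIC -m limit --limit 5/min -j LOG --log-prefix "CHK-OUT-DROP: "
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DROP: "
EOF
}

# Constructed kernel log lines in the format the LOG target writes.
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 srv kernel: CHK-OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:02 srv kernel: CHK-OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:05 srv kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4250 DF PROTO=TCP SPT=40200 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:09 srv kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4260 DF PROTO=TCP SPT=40300 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Read kernel log lines on stdin and print "<prefix> <count>" for logged
# SYN packets to port 80, i.e. new outbound HTTP connections that hit a LOG rule.
summarize_http_drops() {
    awk '
        / DPT=80 / && / SYN / {
            # the log prefix is the first field ending in "-DROP:"
            for (i = 1; i <= NF; i++)
                if ($i ~ /-DROP:$/) { n[$i]++; break }
        }
        END { for (p in n) print p, n[p] }
    ' | sort
}

# Stand-alone run: show the rules, then the per-chain summary of the sample log.
print_rules
sample_log | summarize_http_drops
```

On a live system, feed `summarize_http_drops` from the kernel log (for example `dmesg` or the syslog file your distribution uses) instead of `sample_log`.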