LinuxQuestions.org


Poedersuiker 12-18-2010 09:49 AM

NAT/ip forwarding issues
 
I've been experiencing problems with my home network. Somehow my server rules prevent some traffic from arriving at the destination within the home network.

The network has the following setup:

ADSLline---Modem---Server---switch---clients

- The modem is a Draytek Vigor 120 set to bridge a pptpa to pptpe.
- The server is a Fedora 13 machine.
- The switch is a normal 5 port 1Gb switch.
- And the clients consist of multiple machines with different OSes, namely Ubuntu and Windows 7.

On the server I have the following network devices:
eth0: 192.168.0.1, internal network
eth1: no IP, bridge to ppp
ppp0: 80.***.**.73, external network with fixed IP (using dhcp to retrieve it from ISP).

I started forwarding and most of it works. Only, for example, some sites refuse to load on the clients (*NIX and Windows). If for instance I try to access addthis.com, Firefox will tell me it is waiting for s7.addthis.com. The same WILL work on the server, the site will show without a problem.

My iptables is stripped, rewritten and anything else I could think of multiple times. But the general policy is ACCEPT and I added the following commands (I changed the devices to match mine).

Code:

iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

as stated in the Fedora documentation (2.8.5. FORWARD and NAT Rules).

Does anyone have a clue how to solve my problem? It would be nice to get everything working.

chickenjoy 12-18-2010 10:58 AM

Code:

# iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# iptables --append FORWARD --in-interface ppp0 -j ACCEPT

Can you try the above? Requests come from eth0 and are routed to ppp0.

Poedersuiker 12-18-2010 11:12 AM

Quote:

Originally Posted by chickenjoy (Post 4195942)
Code:

# iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# iptables --append FORWARD --in-interface ppp0 -j ACCEPT

Can you try the above? Requests come from eth0 and are routed to ppp0.

That didn't work unfortunately. My iptables give the following return on -L

Code:

[root@beest ~]# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere
ACCEPT    all  --  anywhere            anywhere
ACCEPT    all  --  anywhere            anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

And this on -S:
Code:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth0 -j ACCEPT
-A FORWARD -i ppp0 -j ACCEPT


nimnull22 12-18-2010 03:08 PM

You forgot to tell us about the default routing on your server. Where does it send everything to?

And on your server you use only 2 interfaces:
eth0: 192.168.0.1, internal network
and
ppp0: external network

I think you do not need eth1. All traffic should go between those two interfaces.

Poedersuiker 12-18-2010 04:46 PM

Routing
 
The routing is as follows:

Code:

Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
lo1.dr4.d12.xs4 *              255.255.255.255 UH    0      0        0 ppp0
192.168.0.0    *              255.255.255.0  U    1      0        0 eth0
default        lo1.dr4.d12.xs4 0.0.0.0        UG    0      0        0 ppp0

And for even more information the output of ifconfig:
Code:

eth0      Link encap:Ethernet  HWaddr 00:40:F4:BC:7E:81
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::240:f4ff:febc:7e81/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:331293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:590385 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:34779673 (33.1 MiB)  TX bytes:671836627 (640.7 MiB)
          Interrupt:18 Base address:0x8c00

eth1      Link encap:Ethernet  HWaddr 00:19:66:92:5C:E4
          inet6 addr: fe80::219:66ff:fe92:5ce4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2338502 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2136295 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1718389822 (1.6 GiB)  TX bytes:715722843 (682.5 MiB)
          Interrupt:27 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:496331 errors:0 dropped:0 overruns:0 frame:0
          TX packets:496331 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:101960018 (97.2 MiB)  TX bytes:101960018 (97.2 MiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:80.***.**.73  P-t-P:194.109.5.227  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:2336844 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2134631 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1666878560 (1.5 GiB)  TX bytes:660112391 (629.5 MiB)

eth1 is the device for the pptpe link (which is ppp0).

nimnull22 12-19-2010 04:05 AM

Quote:

I started forwarding and most of it works. Only, for example, some sites refuse to load on the clients (*NIX and Windows). If for instance I try to access addthis.com, Firefox will tell me it is waiting for s7.addthis.com. The same WILL work on the server, the site will show without a problem.

As long as your routing table has only two interfaces I would prefer to have in FORWARD chain something like:
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT


And as long as some work and some do not, please try to change the MTU on your ppp0 interface from MTU:1492 to MTU:1450.
You can do it by typing the following as root in a console:
ip link set ppp0 down
ip link set ppp0 mtu 1400
ip link set ppp0 up

It might help.

Poedersuiker 12-19-2010 05:52 AM

Quote:

Originally Posted by nimnull22 (Post 4196563)
As long as your routing table has only two interfaces I would prefer to have in FORWARD chain something like:
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT


And as long as some work and some do not, please try to change the MTU on your ppp0 interface from MTU:1492 to MTU:1450.
You can do it by typing the following as root in a console:
ip link set ppp0 down
ip link set ppp0 mtu 1400
ip link set ppp0 up

It might help.


Changing the MTU kills the connection. The iptables commands didn't do the job either. I feel like some of the packets are just dumped by the iptables routine.

Is there some way to track packets to and from a specified website? Or maybe see the packets dumped by iptables?

nimnull22 12-19-2010 06:23 AM

Wait.

First of all, I made a mistake - I wanted to set it to 1450. I use 1400 and everything works perfectly. So please do:

ip link set ppp0 mtu 1450

You probably have to avoid bringing the interface down like this, as it will then get a new IP from the ISP.
So just change the MTU and then do: ifconfig ppp0, to make sure that the MTU was changed.

Then, check if you have, as it was before:

Code:

Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
lo1.dr4.d12.xs4 *              255.255.255.255 UH    0      0        0 ppp0
192.168.0.0    *              255.255.255.0  U    1      0        0 eth0
default        lo1.dr4.d12.xs4 0.0.0.0        UG    0      0        0 ppp0

Poedersuiker 12-19-2010 10:14 AM

I did the modification of mtu before too. I thought one could be a mistype but both had the same error. Routing is still good.

For now I connected another router (instead of the modem). This way I have two computers working and the network behind the server is still safe. The trouble started when I needed to start using PtPPA for my connection. I will ask my ISP for an alternative or find one myself (changing ISP).
Thanks for your help and hopefully I can correct the errors or have better luck with another modem/router.
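
An added example, not part of any post in this thread: a small Python audit of the FORWARD rules and interface MTUs posted above. It flags ACCEPT rules that match traffic arriving from the WAN interface without a connection-state match, and the case where the WAN MTU is below the LAN MTU with no TCPMSS clamp rule, which leaves LAN clients dependent on ICMP path-MTU discovery. The function names, finding labels and the HARDENED ruleset are hypothetical; eth0 as LAN with MTU 1500 and ppp0 as WAN with MTU 1492 come from the ifconfig output in the thread.

```python
import shlex

# FORWARD lines of the `iptables -S` output and MTUs posted in the thread.
POSTED = """\
-P FORWARD ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth0 -j ACCEPT
-A FORWARD -i ppp0 -j ACCEPT
"""
# Constructed for comparison (not from the thread): stateful return path plus an
# MSS clamp. Feed in `iptables -t mangle -S` output too if the clamp lives there.
HARDENED = """\
-P FORWARD DROP
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
"""
MTU = {"eth0": 1500, "ppp0": 1492}

def parse_rule(line):
    """Map each option in one `-A` line to its first argument (True if none).
    Negated matches ("! -i ...") are not modelled."""
    tok, rule, i = shlex.split(line), {"raw": line}, 0
    while i < len(tok):
        has_arg = i + 1 < len(tok) and not tok[i + 1].startswith("-")
        if tok[i].startswith("-"):
            rule[tok[i]] = tok[i + 1] if has_arg else True
        i += 2 if tok[i].startswith("-") and has_arg else 1
    return rule

def audit(rules_text, wan, lan, mtu):
    rules = [parse_rule(l) for l in rules_text.splitlines()
             if l.startswith("-A FORWARD")]
    findings = []
    for r in rules:
        # A missing -i matches every input interface, the WAN included.
        from_wan = r.get("-i") in (wan, None)
        stateful = "--ctstate" in r or "--state" in r
        if r.get("-j") == "ACCEPT" and from_wan and not stateful:
            findings.append(("open-inbound", r["raw"]))
    # Clients behind the router derive their TCP MSS from the LAN MTU; without
    # a clamp, full-size replies only fit the WAN link if ICMP "fragmentation
    # needed" messages get through.
    if mtu[wan] < mtu[lan] and not any(r.get("-j") == "TCPMSS" for r in rules):
        findings.append(("no-mss-clamp", f"{wan} {mtu[wan]} < {lan} {mtu[lan]}"))
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("hardened", HARDENED)):
        print(name, audit(text, "ppp0", "eth0", MTU))
```

The NAT rule does not appear in plain `iptables -S` output because that command lists only the filter table; `iptables -t nat -S` shows the MASQUERADE rule.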

