I'm having a problem accessing/receiving email from a client PC connected to the internet through a gateway with the iptables masquerade setup.
I am also having a problem accessing some web sites (such as mail.yahoo.com, but I am able to log in to mail.lycos.com).
But there is no problem in surfing other web sites.
If I connect directly to the ISP using the ADSL modem, I can receive email and I can surf all the web sites (so it is not an ISP problem).
From the gateway I can access the internet, do apt and others.
My client PCs:
OS             Windows XP Pro     Windows 98 SE
Browser        Firefox 1.0        Firefox 1.0
Email client   Thunderbird 0.8    Thunderbird 0.8

My gateway server:
OS             Debian sarge (without X Windows)
DNS            bind9
M$ Network     Samba
eth0           link to ADSL modem (using PPPoE to connect to ISP)
eth1           link to internal LAN
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
I did some googling and even read the manual, but it seems no other person has the same problem... or maybe I just missed it.
Which is the external interface, ppp0 or eth0?
Your masquerade rule says to mask all outgoing IP packets with the IP of ppp0, but you say your external device is eth0!
Try the following instead of your masquerade rule:
iptables -t nat -A POSTROUTING -s local_net -j MASQUERADE
Thank you for your suggestion. But I already solved the problem with help from the 'firehol' help forum (thanks ktsaou!) and also from the 'Linux IP Masquerade HOWTO' by David A. Ranch. The problem seems to be related to MTU, and there are several ways to fix it.
1) Enabling PMTU Clamping for pppoe and ppp
2) Clamping the MSS via iptables
3) Change the external MTU of MASQ server
4) Changing the MTU for various operating systems (the problem also happens on OSes other than Linux, including M$)
---- summarized from 'Linux IP Masquerade HOWTO' by David A. Ranch ----
I chose to clamp the MSS via iptables, and did this by adding this line:
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
to the top of my ruleset... and my ruleset above is correct.
My eth0 is physically connected to the ADSL modem (it is not a USB ADSL modem), but when you connect to the Internet through PPPoE (I don't have a fixed IP, only a dynamic IP), pppd will create another interface named ppp0. (You can check it using ifconfig after starting the PPPoE connection.) This ppp0 will be my gateway interface to the internet.
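
What the TCPMSS rule in the post above does to a forwarded SYN, as an added Python example (not part of the thread and not the kernel's code): it lowers the MSS option to the path MTU minus 40 and never raises it. The 1492-byte PPPoE MTU, the function names and the sample segment are assumptions constructed for illustration; the checksum update the real target performs is left out, and a SYN without an MSS option is left untouched.

```python
import struct

IP_TCP_HEADERS = 40  # IPv4 header (20) + TCP header (20), both without options

def find_mss(tcp: bytes):
    """Return (offset, value) of the MSS option in a TCP header, or None."""
    end = (tcp[12] >> 4) * 4           # data offset: header length in bytes
    i = 20                             # options start after the fixed header
    while i < end:
        kind = tcp[i]
        if kind == 0:                  # End of Option List
            return None
        if kind == 1:                  # NOP is a single byte, no length field
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            return None                # truncated or malformed option
        if kind == 2 and tcp[i + 1] == 4:
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += tcp[i + 1]
    return None

def clamp_mss(tcp: bytes, path_mtu: int) -> bytes:
    """Lower the MSS in a SYN segment to path_mtu - 40; never raise it."""
    syn, rst = tcp[13] & 0x02, tcp[13] & 0x04
    found = find_mss(tcp)
    if not syn or rst or found is None:
        return tcp                     # --tcp-flags SYN,RST SYN: SYN set, RST clear
    offset, mss = found
    limit = path_mtu - IP_TCP_HEADERS
    if mss <= limit:
        return tcp                     # already small enough, leave it alone
    out = bytearray(tcp)
    struct.pack_into("!H", out, offset, limit)
    return bytes(out)                  # TCP checksum update omitted here

def make_segment(flags: int, mss: int) -> bytes:
    """Constructed sample: TCP header with NOP, NOP, SACK-permitted, MSS options."""
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, flags, 65535, 0, 0)
    options = bytes([1, 1, 4, 2]) + struct.pack("!BBH", 2, 4, mss)
    return fixed + options

if __name__ == "__main__":
    syn = make_segment(0x02, 1460)     # LAN client on a 1500-byte Ethernet MTU
    # 1492 is the usual PPPoE MTU (assumed; the thread does not state it)
    print(find_mss(syn)[1], "->", find_mss(clamp_mss(syn, 1492))[1])
```

A LAN client on Ethernet advertises an MSS of 1460, which produces 1500-byte packets that do not fit the PPPoE link; after clamping, the remote server sees 1452 and sizes its segments to fit.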