Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 10-09-2004, 01:38 PM   #1
amado
LQ Newbie
 
Registered: Oct 2004
Location: Kuala Lumpur
Posts: 2

Rep: Reputation: 0
Client email problem with iptables masquerade


Hi there,

I'm having problems accessing/receiving email from a client PC connected to the internet through a gateway with the iptables masquerade setup.

I'm also having problems accessing some web sites (such as mail.yahoo.com, but I am able to log in to mail.lycos.com).

But there is no problem surfing other web sites.
If I connect directly using the ADSL modem to the ISP, I can receive email and I can surf all the web sites.... (so it is not an ISP problem)
From the gateway I can access the internet, do apt and others....

My client PCs:

                 Client 1          Client 2
OS               Windows XP Pro    Windows 98 SE
Browser          Firefox 1.0       Firefox 1.0
Email Client     Thunderbird 0.8   Thunderbird 0.8

My gateway server:

OS Debian sarge (without X windows)
DNS bind9
M$ Network Samba
eth0 link to ADSL Modem (using pppoe to connect to ISP)
eth1 link to internal LAN

iptables rules are as below:

#!/bin/sh
#
#
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

EXTIF="ppp0"
INTIF="eth1"

echo -e " Done loading modules.\n"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

I did some googling and even read the manual, but it seems no other person has the same problem.... or maybe I just missed it.

Thank you
 
Old 10-11-2004, 03:11 AM   #2
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Which is the external interface, ppp0 or eth0???
Your masquerade rule says to mask all outgoing IP packets with the IP of ppp0, but you say your external device is eth0!!!

Try the following instead of your masquerade rule:

iptables -t nat -A POSTROUTING -s local_net -j MASQUERADE

Good luck.
 
Old 10-13-2004, 10:46 AM   #3
amado
LQ Newbie
 
Registered: Oct 2004
Location: Kuala Lumpur
Posts: 2

Original Poster
Rep: Reputation: 0
Hi,

Thank you for your suggestion. But I already solved the problem with help from the 'firehol' help forum (thanks ktsaou!) and also from the 'Linux IP Masquerade HOWTO' by David A. Ranch. The problem seems to be related to MTU, and there are several ways to fix it.
1) Enabling PMTU clamping for pppoe and ppp
2) Clamping the MSS via iptables
3) Changing the external MTU of the MASQ server
4) Changing the MTU for various operating systems (the problem also happened to OSes other than Linux, including M$)
---- summarized from 'Linux IP Masquerade HOWTO' by David A. Ranch ----

I chose to clamp the MSS via iptables, and did this by adding this line:
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
to the top of my ruleset... and my ruleset above is correct.
My eth0 is physically connected to the ADSL modem (it is not a USB ADSL modem), but when you connect to the Internet through PPPoE (I don't have a fixed IP, only a dynamic IP), pppd will create another interface named ppp0. (You can check it using ifconfig after executing the pppoe connection.) And this ppp0 will be my gateway interface to the internet.

Thanks again and bye..
 
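To show what the TCPMSS --clamp-mss-to-pmtu rule from the last post actually does to a forwarded SYN, here is an added example (not code from the thread or from iptables): it walks the TCP options of a constructed SYN, finds the MSS option, and lowers it to the path MTU minus the IP and TCP headers. The PPPoE MTU of 1492 (1500 minus the 8-byte PPPoE/PPP overhead) is assumed; checksum recalculation, which the kernel also does, is left out.

```python
"""Model of iptables TCPMSS --clamp-mss-to-pmtu on a SYN's TCP options.

Constructed example: builds a SYN option block advertising an MSS of 1460
(normal for a 1500-byte Ethernet host behind the gateway) and clamps it to
what fits through a PPPoE link with MTU 1492. Without the clamp, the remote
side sends 1500-byte segments that cannot cross the PPPoE link, and sites
that drop ICMP "fragmentation needed" (the mail.yahoo.com symptom) hang.
"""
import struct

IP_HDR = 20        # IPv4 header without options
TCP_HDR = 20       # TCP header without options
PPPOE_MTU = 1492   # assumed: 1500-byte Ethernet minus 8 bytes PPPoE+PPP


def max_mss_for_pmtu(pmtu):
    """Largest TCP payload that fits in one packet of size pmtu."""
    return pmtu - IP_HDR - TCP_HDR


def build_syn_options(mss):
    """Constructed SYN options: MSS (kind 2), two NOPs, SACK-permitted."""
    return struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"


def clamp_mss(options, pmtu):
    """Rewrite the MSS option in place if it exceeds pmtu - 40.

    Returns (new_options, old_mss, new_mss); old/new are None when no
    MSS option is present. Option walking mirrors the kernel's loop:
    kind 0 ends the list, kind 1 is a single-byte NOP, all others carry
    a length byte.
    """
    out = bytearray(options)
    old = new = None
    i = 0
    while i < len(out):
        kind = out[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(out) or out[i + 1] < 2 or i + out[i + 1] > len(out):
            raise ValueError("malformed TCP option at offset %d" % i)
        length = out[i + 1]
        if kind == 2 and length == 4:
            old = struct.unpack_from("!H", out, i + 2)[0]
            new = min(old, max_mss_for_pmtu(pmtu))
            struct.pack_into("!H", out, i + 2, new)
        i += length
    return bytes(out), old, new
```

Running clamp_mss(build_syn_options(1460), PPPOE_MTU) lowers the advertised MSS from 1460 to 1452, which is exactly the change the FORWARD rule makes on every SYN crossing the gateway.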
All times are GMT -5.