Maru,
Well, I've tried the minimalist approach too. iptables -L currently shows:
Chain INPUT (policy ACCEPT)
target                prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target                prot opt source               destination
ACCEPT                all  --  anywhere             anywhere
ACCEPT                all  --  10.0.0.0/24          anywhere
ACCEPT                all  --  anywhere             10.0.0.0/24
DROP                  all  --  !10.0.0.0/24         anywhere

Chain OUTPUT (policy ACCEPT)
target                prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (1 references)
target                prot opt source               destination
ACCEPT                udp  --  anywhere             anywhere             udp spt:domain dpts:1025:65535
ACCEPT                udp  --  cache2.cableol.net   anywhere             udp spt:domain dpts:1025:65535
ACCEPT                udp  --  cache1.ntli.net      anywhere             udp spt:domain dpts:1025:65535
ACCEPT                tcp  --  anywhere             anywhere             tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT                tcp  --  anywhere             anywhere             tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT                tcp  --  anywhere             anywhere             tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT                tcp  --  anywhere             anywhere             tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT                all  --  anywhere             anywhere
ACCEPT                all  --  anywhere             anywhere
REJECT                tcp  --  anywhere             anywhere             tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT                tcp  --  anywhere             anywhere             tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT                udp  --  anywhere             anywhere             udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT                udp  --  anywhere             anywhere             udp dpt:nfs reject-with icmp-port-unreachable
REJECT                tcp  --  anywhere             anywhere             tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT                tcp  --  anywhere             anywhere             tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
Also, strangely, my XP client looks to be only allowing me to look at Microsoft sites: I can get through to www.microsoft.com and www.hotmail.com, but not my home page www.i-solve.co.uk.
What's the easiest way to turn off all blocking but still do the masquerading for the LAN to the Internet?
Thanks,
Marc.
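One way to answer Marc's last question, as an added example that is not from this thread: a script that flushes every filter rule, leaves all three policies at ACCEPT, and keeps only the NAT masquerade. It assumes the LAN is 10.0.0.0/24 (taken from the FORWARD chain above) and that the Internet-facing interface is eth0; both are assumptions, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumptions (not stated in the thread): LAN is 10.0.0.0/24, the
# Internet-facing interface is eth0, and the kernel has iptables NAT
# support.  Runs in dry-run mode unless APPLY=1 is set in the environment.
LAN_NET="${LAN_NET:-10.0.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# Emit the commands one per line so they can be reviewed before being run.
rules() {
    # Start from a clean, permissive filter table: nothing is blocked.
    echo "iptables -F"
    echo "iptables -X"
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -P FORWARD ACCEPT"
    echo "iptables -P OUTPUT ACCEPT"
    # Clear the nat table and add the single masquerade rule for the LAN.
    echo "iptables -t nat -F"
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    # Optional (assumes a PPPoE/DSL-style link with a reduced MTU): clamp the
    # TCP MSS on forwarded connections so that large pages do not stall.
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
    # Forwarding must be switched on in the kernel or nothing is routed.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Quick self-check: how many of the emitted commands touch the nat table.
nat_rule_count() {
    rules | grep -c -- '-t nat'
}

if [ "${APPLY:-0}" = "1" ]; then
    # Execute each command in turn (must be run as root).
    rules | while IFS= read -r cmd; do sh -c "$cmd"; done
else
    echo "# dry run: set APPLY=1 to execute the following as root"
    rules
fi
```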