Hi,
You already solved this problem but ... But this explain where is the
disconnect.
On Tue, Jan 05, 2010 at 12:19:09AM +0200, Andrei Popescu wrote:
On Mon,04.Jan.10, 16:32:42, Osamu Aoki wrote:
Hi,
On Sun, Jan 03, 2010 at 07:45:07PM +0100, Marc Schröder wrote:
its better to setup a
On Tue,05.Jan.10, 03:53:22, Antonio Perez wrote:
You could start a Wireshark capture on both the LAN and the PPP before
performing the wget command and compare both.
I installed tshark (I only have ssh access as both machines are in a
different city) on the gateway, but unfortunately I can't
Andrei Popescu wrote:
On Tue,05.Jan.10, 03:53:22, Antonio Perez wrote:
You could start a Wireshark capture on both the LAN and the PPP before
performing the wget command and compare both.
I installed tshark (I only have ssh access as both machines are in a
different city) on the gateway,
Antonio Perez wrote:
which both work on port 80, filter the destination port 80 and compare.
hint: tcp.dstport==80
also you may add the dest IP or any other relevant factor to reduce noise:
for wget http://www.google.com :
tcp.dstport==80 and ip.addr==74.125.159.1/24
for
On Sun,03.Jan.10, 10:30:18, Andrei Popescu wrote:
[...]
The problem is that some websites work flawlessly from the squeeze box
and some stall. The same sites are ok from the lenny box. Here are
Turned out it was a problem with Path MTU Discovery[1] and setting
CLAMPMSS=YES
in
Andrei Popescu wrote:
on the gateway in /etc/ppp/peers/provider and ifconfig ppp0 correctly
shows the new setting, but no change. Thanks for the hint though.
Hi:
You could start a Wireshark capture on both the LAN and the PPP before
performing the wget command and compare both.
--
Antonio
On Mon,04.Jan.10, 16:32:42, Osamu Aoki wrote:
Hi,
On Sun, Jan 03, 2010 at 07:45:07PM +0100, Marc Schröder wrote:
its better to setup a propper mtu size on the gateway. then all
clients behind will work without extra modifications.
Yes, if the problem is caused by a gateway you control,
On Sun,03.Jan.10, 12:14:37, Andrei Popescu wrote:
Have you checked IPV6 issues discussed recently on debian-devel?
I just tried commenting out
net.ipv6.bindv6only = 1
in /etc/sysctl.d/bindv6only.conf but no change. The Lenny box also has
IPV6_DISABLED=yes set in shorewall.conf
...
Andrei Popescu put forth on 1/3/2010 2:30 AM:
I have no idea what to try so any hints are welcome.
Try looking at your logs. This is exactly why logs exist, for troubleshooting.
Start with the Lenny host's log files such as syslog and messages and any/all
custom log files you or your firewall
On Sun, Jan 03, 2010 at 10:30:18AM +0200, Andrei Popescu wrote:
Hi everybody,
The problem is that some websites work flawlessly from the squeeze box
and some stall. The same sites are ok from the lenny box. Here are
example sessions with wget:
Have you tried runing lenny box inside your
On Sun,03.Jan.10, 18:10:48, Osamu Aoki wrote:
On Sun, Jan 03, 2010 at 10:30:18AM +0200, Andrei Popescu wrote:
Hi everybody,
The problem is that some websites work flawlessly from the squeeze box
and some stall. The same sites are ok from the lenny box. Here are
example sessions with
On Sun,03.Jan.10, 03:22:29, Stan Hoeppner wrote:
Andrei Popescu put forth on 1/3/2010 2:30 AM:
I have no idea what to try so any hints are welcome.
Try looking at your logs. This is exactly why logs exist, for
troubleshooting.
Start with the Lenny host's log files such as syslog and
i think your problem is mtu fragmentation.
try on the squeeze the following as root:
ifconfig eth0 mtu 1300
and try that wget again
marc
Am Sonntag 03 Januar 2010 09:30:18 schrieb Andrei Popescu:
Hi everybody,
I'm banging my head against the wall with this one and could appreciate
On Sun, Jan 03, 2010 at 12:03:34PM +0100, Marc Schröder wrote:
i think your problem is mtu fragmentation.
try on the squeeze the following as root:
ifconfig eth0 mtu 1300
and try that wget again
marc
yah... behing choking pppoe connection ...
You can add
iface eth0 inet dhcp
its better to setup a propper mtu size on the gateway. then all clients behind
will work without extra modifications.
marc
Am Sonntag 03 Januar 2010 13:02:54 schrieb Osamu Aoki:
On Sun, Jan 03, 2010 at 12:03:34PM +0100, Marc Schröder wrote:
i think your problem is mtu fragmentation.
try
Hi,
On Sun, Jan 03, 2010 at 07:45:07PM +0100, Marc Schröder wrote:
its better to setup a propper mtu size on the gateway. then all
clients behind will work without extra modifications.
Yes, if the problem is caused by a gateway you control, this is the root
cause fix.
This is done, as I
On Mon, Aug 21, 2006 at 09:05:13PM +1000, Cameron Lowe wrote:
Can you access the outside world from your firewall/router? You may want
to check your routes.
Hi, Thanks for the reply.
iptables -L -v is my friend. I was just a little
confused. :-(
bob[EMAIL PROTECTED]
--
To
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ja hallo erstmal,
Am Donnerstag, 17. Juni 2004 23:42 schrieb Harald Weidner:
Hallo,
ich suche nach einer Möglichkeit bestimmte MAC Adressen zu maskieren. (Was
in die POSTROUTING-Chanin müsste). Leider lässt iptables --mac-source nur
bei
Am Freitag, 18. Juni 2004 10:35 schrieb Jan Lühr:
Theo. nicht. Praktisch schon. MAC-Spoofing macht einen erheblich
größeren Aufwand und ist für den Laien kaum möglich. Das testen
oder übernehmen von funktionierenden IPs ist deutlich einfacher. Mit
anderen Worten: Script Kiddie wieß wie man
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ja hallo erstmal,...
Am Freitag, 18. Juni 2004 10:52 schrieb Jan Torben Heuer:
Am Freitag, 18. Juni 2004 10:35 schrieb Jan Lühr:
Theo. nicht. Praktisch schon. MAC-Spoofing macht einen erheblich
größeren Aufwand und ist für den Laien kaum
On Thursday 17 June 2004 22:13, Jan Lühr wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Moin,
ja hallo erstmal,...
ich suche nach einer Möglichkeit bestimmte MAC Adressen zu maskieren. (Was
in die POSTROUTING-Chanin müsste). Leider lässt iptables --mac-source nur
bei INPUT, FORWARD,
Hallo,
ich suche nach einer Möglichkeit bestimmte MAC Adressen zu maskieren. (Was in
die POSTROUTING-Chanin müsste). Leider lässt iptables --mac-source nur bei
INPUT, FORWARD, PREROUTING zu.
Ich würde es mit einer Markierung versuchen. Umgefähr so (ungetestet):
iptables -A FORWARD ... -m mac
am 17.06.2004, um 22:13:15 +0200 mailte Jan Lühr folgendes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ja hallo erstmal,...
ich suche nach einer Möglichkeit bestimmte MAC Adressen zu maskieren. (Was in
die POSTROUTING-Chanin müsste). Leider lässt iptables --mac-source nur bei
* Gerhard Wendebourg [EMAIL PROTECTED], 2004-04-21 21:56 +0200:
Moin, moin,
gibt es hier Erfahrungen zur Nutzung von ipmasq ?
Geht um das Masquerading auf einem Router (DSL) sowie Firewallfunktion.
Gibt es wichtige Gruende gegen den Einsatz von ipmasq / fuer andere
Tools (die ohne
On 21.04.2004, at 00:32, Gerhard Wendebourg wrote:
gibt es hier Erfahrungen zur Nutzung von ipmasq ?
Geht um das Masquerading auf einem Router (DSL) sowie Firewallfunktion.
Ich habe kürzlich meine erste Debian-Installation auf meinem
DSL-Router/Firewall durchgeführt und dabei auch ipmasq benutzt.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hallo achim,
Sieht eigentlich ganz gut aus.
Wie sieht denn route -n aus? (router, client)
danke für die schnelle antwort!
router:
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse Iface
217.5.98.46
On Mon, 30 Jun 2003, [nirdezneb] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hallo achim,
Sieht eigentlich ganz gut aus.
Wie sieht denn route -n aus? (router, client)
danke für die schnelle antwort!
router:
Kernel IP routing table
Destination Gateway Genmask
severseitig:
dsl--?ber eth0--jupiter (gateway, debian 2.2er kernel)--?ber eth1
192.168.0.2--switch (geht in
port 4 oder muss das in uplink?)
ein normaler Port ist OK. Auf den Uplink gehen einfach nur ALLE Pakete, auch
welche die nicht für den Server und nicht für's öffentliche Netz sind.
On Thu, Jun 26 at 11:51+0200 axel.quack wrote:
root# echo 1 /proc/sys/net/ipv4/ip_forward
root# /sbin/ipchains -P forward DENY
root# /sbin/ipchains -A forward -s 192.168.0.0/24 -i ppp0 -j MASQ
Vielleciht fehlende Default Policies? Probier dochmal
# ipchains -F input
# ipchains -F output
#
On Mon, Sep 23, 2002 at 04:24:09PM +0200, Lionel Cadet wrote:
Bonjour à tous,
Je rencontre un problème de masquage avec ftp.
Ma config réseau est la suivante:
-une machine linux en routeur qui fait du
port forward (2121 - 21) vers une machine (linux) en
DMZ.
La machine en DMZ est en
Frédéric Bothamy wrote:
On Mon, Sep 23, 2002 at 04:24:09PM +0200, Lionel Cadet wrote:
Bonjour à tous,
Je rencontre un problème de masquage avec ftp.
Ma config réseau est la suivante:
-une machine linux en routeur qui fait du
port forward (2121 - 21) vers une machine (linux) en
Sebastian Scheurer schrieb am Donnerstag, 20. Juni 2002 um 16:43:33 +0200:
Auf was ist speziell zu achten bzw. habt ihr gute RTFM-Links zu dem
Thema???
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
--
Heute ist nicht alle Tage, ich komm' wieder, keine Frage!!!
Joerg
BOFH excuse
Sebastian Scheurer schrieb:
könnte ihr mir einen guten Start im bezug auf IP-MASQUERADING geben?
Ich habe hier zwei Rechner (2xDebian Woody), einer mit Modem, LAN
(ethernet) zwischen den beiden und würde gerne von beiden aus ins
Netz können
apt-get install iptables
man iptables
/SEE
Hallo Sebastian,
könnte ihr mir einen guten Start im bezug auf IP-MASQUERADING geben?
Ich habe hier zwei Rechner (2xDebian Woody), einer mit Modem, LAN
(ethernet) zwischen den beiden und würde gerne von beiden aus ins
Netz können
eine wirklich wild zusammengeklatschte Doku zu den
According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
I thought this would just work out of the box :(
It works out of the box if eth0 is external and eth1 is local.
In your case you have to modify the 00Interfaces(?sp I use iptables now)
file in order to switch external and
On Sat, 2001-11-17 at 08:36, Eric Smith wrote:
According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
I thought this would just work out of the box :(
It works out of the box if eth0 is external and eth1 is local.
In your case you have to modify the 00Interfaces(?sp I use
On Sat, 2001-11-17 at 08:36, Eric Smith wrote:
According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
I thought this would just work out of the box :(
It works out of the box if eth0 is external and eth1 is local.
In your case you have to modify the 00Interfaces(?sp I use
On Sat, Nov 17, 2001 at 11:36:31AM +0100, Eric Smith wrote:
According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
I thought this would just work out of the box :(
that did not work for me - but this entry in modules.conf did:
### update-modules: start processing
On Fri, 2001-11-16 at 21:41, Eric Smith wrote:
I am on unstable and trying to give a client machine internet access.
eth1 on the server gets internet access via cable modem via dhcpcd and the
eth0 to the local LAN. The client and server communicate fine but
the client does not get
According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
On Fri, 2001-11-16 at 21:41, Eric Smith wrote:
I am on unstable and trying to give a client machine internet access.
eth1 on the server gets internet access via cable modem via dhcpcd and the
eth0 to the local LAN.
Linux is Great at that! I'm writing this on a box behind a Linux
Gateway/Firewall to my cable modem.
There's an ip_masq_quake module, that supports most network gaming (Half-Life
is Quake based so you're good).
I don't know about paltalk, but I'm able to use dialpad from behind here with
a few
Michael Patterson [EMAIL PROTECTED] writes:
MP Ok, I recently got a Maxtor 80Gb HD, so I figured I'd start with a fresh
MP install of Potato on my system. My problem is that I can't seem to get a
MP kernel that gives me both IP Masquerading and support for the drive.
MP
MP Now, on the kernels
Michael Patterson [EMAIL PROTECTED] writes:
MP Ok, I recently got a Maxtor 80Gb HD, so I figured I'd start
with a fresh
MP install of Potato on my system. My problem is that I can't
seem to get a
MP kernel that gives me both IP Masquerading and support for the drive.
MP
MP Now, on the
Assuming you're using a stock kernel or kernel with support for
IP masquerading, these three lines should get you started with masq:
/bin/echo 1 /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -P forward REJECT
/sbin/ipchains -I forward -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MASQ
You may need to
Just make sure your windows95 box has its DNS enabled, (you can put the
same servers there as you have for your linux box) and make sure your
gateway isn't blocking hmm port 53 I think. Ipmasq doesn't need anything
special.
Joshua (new linux convert as of 5-25-00!)
On Fri, 24 Nov 2000, Brad
Nathan == Nathan E Norman [EMAIL PROTECTED] writes:
Nathan You need to use passive ftp from behind a masquerading
Nathan box.
Nathan I thought there was a masq module for FTP, but I guess I
Nathan was thinking of the Cisco PIX. You have to examine each
Nathan packet in a
A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
Attachment Converted: c:\home\onno\email\attach\Re masquerading ftp
On Tue, Feb 15, 2000 at 03:06:00PM -0600, Brian McGroarty wrote:
: As a learning exercise, I'm replacing our FreeBSD firewall with a Debian one.
: The machine is used to provide masquerading for several Windows, Linux and
: FreeBSD boxes on our cable modem.
:
: With Debian, FTP doesn't work from
On Tue, 15 Feb 2000, Brian McGroarty wrote:
BMCGRO With Debian, FTP doesn't work from behind a standard masquerading
firewall.
BMCGRO I've observed the problem with ipfw and ipchains both.
make sure you have all the ipmasq modules loaded, you need them for ftp,
quake etc..
nate
everything is OK, mistake was in routing table (wrong IP number)
Thanks for help...
igi
uninstaled ipmasq (with dselect) and masquerade _is_working_,
but only between linux box and internal network, when pinging
external host from internal net its unreachable :-(
_/_/_/_/_/ mailto:
adjust it to your needs:
#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK}
ipfwadm -F -p deny
ipfwadm -F -a m -S
NEWS FROM ME:
uninstaled ipmasq (with dselect) and masquerade _is_working_,
but only between linux box and internal network, when pinging
external host from internal net its unreachable :-(
I need masqerade my internal eth network ( another one comp with W95) and
made everything what I
52 matches
Mail list logo
