On Tue, 10 Dec 2019 07:22:05 +0100 Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
> On 10/12/2019 at 00:01, Nektarios Katakis wrote:
> >
> > I am running an iptables firewall on an openwrt router I've got.
> > Which acts as Firewall/gateway and performs NATing for my internal
> > network - debian PCs and android phones.
> >
> > All good but specific web sites are not loading for the machines
> > that are sitting behind the home router.
> >
> > When attempting on the browser (firefox but tried different ones)
> > the browser stays at `Performing a TLS handshake to bitbucket.org`.
> > wget has similar results:
> > ```
> > wget https://bitbucket.org
> > --2019-12-09 22:07:32-- https://bitbucket.org/
> > Resolving bitbucket.org (bitbucket.org)... 18.205.93.0, 18.205.93.1, 18.205.93.2, ...
> > Connecting to bitbucket.org (bitbucket.org)|18.205.93.0|:443... connected.
> > ```
> > When doing a tcpdump on the router side I can see some initial TCP
> > session establishment and then nothing:
> (...)
> > Of course doing a wget from the router itself works fine as it also
> > works fine on my desktop if I do dynamic port-forwarding with e.g.
> > `ssh -D 1050 router` (and configure of course firefox to use it).
>
> Maybe a "MTU black hole" issue with PPPoE.
> Workarounds:
> - lower the MTU on the client side to 1492
> - add a "TCPMSS --clamp-to-pmtu" iptables rule on the router

Interesting. I'm not a network engineer and actually didn't think of that. I'll give it a shot and update. Thanks.

--
Nektarios Katakis
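An added example, written by the editor and not by either poster, showing how to confirm the "MTU black hole" Pascal suspects and how to express his TCPMSS workaround. It assumes the OpenWrt PPPoE WAN interface is called `pppoe-wan` (OpenWrt's default name) and that `ping` is Linux iputils, which supports `-M do` to set the DF bit.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: WAN interface "pppoe-wan",
# iputils ping ("-M do" sets DF). Run the iptables lines as root on the router.

# Largest TCP MSS that fits a given IPv4 MTU: MTU minus 20-byte IP header
# minus 20-byte TCP header. A PPPoE link with MTU 1492 therefore needs 1452.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Bisect the path MTU towards $1 by sending DF-marked pings of varying size.
# $2 is a size assumed to pass, $3 a size treated as failing (never sent).
# A black hole shows up as: sizes above the PPPoE MTU time out instead of
# producing "Frag needed" replies. Payload = MTU - 28 (20 IP + 8 ICMP).
probe_path_mtu() {
    host=$1; lo=${2:-1200}; hi=${3:-1501}
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if ping -c 1 -W 2 -M do -s $((mid - 28)) "$host" >/dev/null 2>&1; then
            lo=$mid
        else
            hi=$mid
        fi
    done
    echo "$lo"
}

# Emit the router-side fix Pascal mentions: rewrite the MSS option of SYNs
# forwarded out of the PPPoE link. --clamp-to-pmtu derives the value from the
# outgoing interface MTU; --set-mss pins it explicitly (useful when the
# interface MTU is not the real bottleneck).
mss_clamp_rules() {
    wan=${1:-pppoe-wan}; mtu=${2:-1492}
    echo "iptables -t mangle -A FORWARD -o $wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-to-pmtu"
    echo "# or, pinning the value for an MTU of $mtu:"
    echo "iptables -t mangle -A FORWARD -o $wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $(mss_for_mtu "$mtu")"
}

# To verify on the router that forwarded SYNs now carry the clamped option:
#   tcpdump -ni pppoe-wan -v 'tcp[tcpflags] & tcp-syn != 0' | grep -o 'mss [0-9]*'
```

`probe_path_mtu bitbucket.org` run from a LAN client should print 1492 (or less) on an affected PPPoE link; `mss_clamp_rules` prints the rules to apply rather than applying them, so they can be reviewed first.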