Greetings,

I have been struggling for more than a month with ipchains. I can connect to my ISP with no problem from my Linux box running Red Hat 6.0 and kernel 2.2.12. I start ipchains with the following script:

#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/depmod -a
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_vdolive
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i ppp0 -j MASQ -l

Then from my win95 box I am able to telnet, ftp and even run AOL Instant Messenger, but I can't surf from any browser. When I do a tcpdump on ppp0 I am able to see packets going in both directions. It looks something like this.

tcpdump -i ppp0

17:25:47.010663 152.163.243.237.5190 > 198.211.23.212.61002: . ack 208911 win 16384
17:25:47.011199 198.211.23.212.61002 > 152.163.243.237.5190: . ack 1 win 7745 (DF)
17:25:54.783994 198.211.23.212.61019 > 199.182.120.202.domain: 7+ A? www.netcom.com. (32)
17:25:55.030702 199.182.120.202.domain > 198.211.23.212.61019: 7 3/4/4 (226)
17:25:55.037660 198.211.23.212.61020 > 207.69.200.97.www: S 4118853:4118853(0) win 8192 <mss 1460> (DF)
17:25:55.130685 207.69.200.97.www > 198.211.23.212.61020: S 1529632290:1529632290(0) ack 4118854 win 64240 <mss 1460> (DF)
17:25:55.131254 198.211.23.212.61020 > 207.69.200.97.www: . ack 1 win 8760 (DF)
17:25:55.134131 198.211.23.212.61020 > 207.69.200.97.www: P 1:264(263) ack 1 win 8760 (DF)
17:25:55.280689 207.69.200.97.www > 198.211.23.212.61020: . ack 264 win 63977 (DF)
17:26:08.900699 163.179.204.54.webcache > 198.211.23.212.61018: P 2931530722:2931531190(468) ack 4033070 win 64584 (DF)
17:26:08.900842 198.211.23.212.61018 > 163.179.204.54.webcache: R 4033070:4033070(0) win 0

and

tcpdump -i eth0

17:33:58.673946 192.168.10.11.socks > corpwww-1.mindspring.com.www: S 4602571:4602571(0) win 8192 <mss 1460> (DF)
17:33:58.770791 corpwww-1.mindspring.com.www > 192.168.10.11.socks: S 1491045809:1491045809(0) ack 4602572 win 64240 <mss 1460> (DF)
17:33:58.771172 192.168.10.11.socks > corpwww-1.mindspring.com.www: . ack 1 win 8760 (DF)
17:33:58.773989 192.168.10.11.socks > corpwww-1.mindspring.com.www: P 1:264(263) ack 1 win 8760 (DF)
17:33:58.920736 corpwww-1.mindspring.com.www > 192.168.10.11.socks: . ack 264 win 63977 (DF)

I think that it does the name resolution successfully but that is about it. The browser reads "Connect: Host www.blahblahblah.com contacted. Waiting.for reply..."

At this point I was sure that there was something wrong with my configuration. But when I connected to a different ISP and ran the same script, I was able to surf as well as telnet, ftp, etc.

At this point most people would suggest that I just change my ISP, right? But I'm sure that there must be a solution to this problem. Please, any constructive suggestions are greatly appreciated.

Just as an aside, this entire setup worked perfectly with ipfwadm until Netcom was bought out by MindSpring.

Thanks for all your help,
scozz
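The ppp0 capture in the post can be reduced to a per-flow summary that shows how far each browser connection got. The following is an added example, not part of the original post: the function names `summarize` and `stalled` are this example's own, the trace lines are copied from the post, and the regular expression assumes only the old tcpdump line shapes visible there.

```python
import re
from collections import defaultdict

# Lines copied from the ppp0 capture in the post (old tcpdump text format:
# "src > dst: flags [first:last(len)] [ack N] win N").
TRACE = """\
17:25:54.783994 198.211.23.212.61019 > 199.182.120.202.domain: 7+ A? www.netcom.com. (32)
17:25:55.037660 198.211.23.212.61020 > 207.69.200.97.www: S 4118853:4118853(0) win 8192 <mss 1460> (DF)
17:25:55.130685 207.69.200.97.www > 198.211.23.212.61020: S 1529632290:1529632290(0) ack 4118854 win 64240 <mss 1460> (DF)
17:25:55.131254 198.211.23.212.61020 > 207.69.200.97.www: . ack 1 win 8760 (DF)
17:25:55.134131 198.211.23.212.61020 > 207.69.200.97.www: P 1:264(263) ack 1 win 8760 (DF)
17:25:55.280689 207.69.200.97.www > 198.211.23.212.61020: . ack 264 win 63977 (DF)
17:26:08.900699 163.179.204.54.webcache > 198.211.23.212.61018: P 2931530722:2931531190(468) ack 4033070 win 64584 (DF)
"""

LINE = re.compile(r"^\S+ (\S+) > (\S+): ([SFPR.]+) (?:\d+:\d+\((\d+)\) )?(ack \d+ )?win \d+")

def summarize(trace):
    """Per TCP flow opened in the capture: SYN-ACK seen? payload bytes each way."""
    flows = defaultdict(lambda: {"client": None, "synack": False, "bytes": defaultdict(int)})
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # DNS/UDP lines do not carry TCP flags
        src, dst, flags, length, ack = m.groups()
        flow = flows[frozenset((src, dst))]
        if "S" in flags and not ack:
            flow["client"] = src        # bare SYN: this side opened the connection
        elif "S" in flags:
            flow["synack"] = True       # SYN+ACK: the server answered
        flow["bytes"][src] += int(length or 0)
    report = {}
    for ends, f in flows.items():
        if f["client"] is None:
            continue  # capture began mid-connection, direction unknown
        server = next(e for e in ends if e != f["client"])
        report[(f["client"], server)] = {
            "handshake": f["synack"],
            "request_bytes": f["bytes"][f["client"]],
            "response_bytes": f["bytes"][server],
        }
    return report

def stalled(trace):
    """Flows where the request went out but no payload came back."""
    return [k for k, v in summarize(trace).items()
            if v["handshake"] and v["request_bytes"] and not v["response_bytes"]]

if __name__ == "__main__":
    print(stalled(TRACE))
```

On the lines from the post, the only flow reported is the port-80 connection: handshake complete, 263 request bytes acknowledged, and no response payload within the captured window.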
