Paul Cammidge wrote:
>
> sounds like fragmentation problems? do your rules allow icmp packets?
>
> paul

It's definitely some weird fragmentation/NAT issue.

Some time ago I had poor line quality; I reduced the ppp MTU and MRU to 1100. This worked fine, except that some web sites did not come up. This only happened on NATed machines. I could access the web sites from the firewall.

I've now increased the MTU/MRU back to the default 1514, and all is well. I allow fragments, ICMP messages, all of the "normal" stuff. It seems that fragments don't forward/NAT or something.

Thanks for all the hints and comments.

--Yan

--
Famous first words: My, my, my, my, my!
Jason, age 16 mos, to his older sister
5:01pm up 4 days, 10:27, 13 users
