well I solved my problem. Thanks to all that read this. Since there is a guy which can't run his Mon Mothma firewall (funky name ain't it?) and another with problems with a webserver, let me tell you what I did. And in the end someone may tell me *why* it did work. I must confess I don't get it.
As I said before, the configuration was identical as fair as I could tell. That includes the MTU of all interfaces- particularly eth0,
which was set to 1460 (and still is in MDK 8.1). I set it that way since I was getting fragmentation-related problems; I snipped the packets and they were arriving from the other machine with a lenght of 1460, so I set it that way and it worked (in 8.1!).
Back to the MDK9: after James' mail I decided to snip the packets again (should have done that before, I know, but istalling tcpdump looked boring- why it isn't isntalled by default?). After packets like:
*****
00:04:40.291559 53.226.226.200.in-addr.arpa.ig.com.br > 200.225.86.47: icmp: aguia.localdomain unreachable - need to frag (mtu 1460) [tos 0xc0]
*****
(aguia is the masqued machine)
There would be no more transfers. Just for fun, I tried lowering the MTU of the eth0 interface- no good. Then I set it to 1500 - and ops, it worked. Kind of magic (well, this is Mandrake Linux after all!) In all my experience, *LOWERING* the MTU solved icmp/fragmentation related problems (as in James case).
So can someone please tell me what is happening? why does a MTU of 1500 works in MDK 9 and do not work in MDK 8.1? and why , oh why, a MTU of 1460 works in MDK 8.1 and not in MDK 9? The only thing I can figure is that *smthing* changed in the TCP/IP between kernels 2.4.8 and 2.4.19.
Then, for the guys having this kinda problems related to IPTABLES, capture your packets. Should you see that there the data transfer stops after smthing like:
icmp: masqued.xxxx unreachable - need to frag (mtu xxxx)
thy fidging with the MTU of your network. Good luck, gentleman(and ladies).
Wooky
--
"Discussing this document with a US citizen may be an offence."
From the disclaimer of "Security Holes Fixed in Linux 2.4.19", by RH
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
