Hi all,

It appears that the path MTU discovery syndrome is hitting badly lately. Although I have all the needed info to overcome it in the HOWTO, people keep getting burnt. I will stress this point in the HOWTO in hope that blackholing Linux gateways will be a story of the past....

Dani

On Tue, 20 Nov 2001, Omer Zak wrote:

> Thanks for the work done by various members of the Linux-IL mailing list
> in the past and for the minuscule effort they put answering my question,
> the problem was solved.
>
> - - - - - - - - - -
>
> It was the tcpmss problem, which was discussed by Avishai (who referred me
> to past messages by him).
> Sagi Bashari pointed out this fact, too.
>
> - - -
>
> Tsafrir Cohen asked if this could be an ISP problem. No, it wasn't. We
> installed a sacrificial Windows 2000 installation, for testing the ADSL
> connection, and it worked flawlessly when the PC was connected directly
> to the ADSL modem (of course, the LAN was disconnected from this computer
> during the test, as no firewall was activated on this PC).
>
> - - -
>
> Since we use Linux 2.2.* kernel, we had to modify the MTU of machines in
> the network, and this meant fiddling with rc.local, MS-Windows NT registry
> and MS-Windows 2000 registry.
>
> Is there a way for lazy^h^h^h^hbusy sysadmins to fix it in the gateway
> machine using kernel 2.2.* and ipchains?
>
> - - -
>
> Mulix suggested that we check if ecn is enabled. At the moment, this is
> irrelevant as the setup is working.
>
> I congratulate him for having the --quirks patch accepted to cvs pptp last
> night, even though it is neither necessary nor harmful in setups involving
> the Alcatel's Speed Touch HOME ADSL modem (an Ethernet modem, working
> with regular phone lines).
>
> - - -
>
> While he didn't actually offer a quick and immediate solution to the
> problem, Geoffrey S. Mendelson suggested some security enhancements, such
> as limiting Web access to a Web proxy server running on the gateway
> machine and using SOCKS. What is the opinion of other list members about
> those security provisions? Would you install such a setup in your home
> network?
>
> We do have two Ethernet cards in the gateway PC - one for communication
> with the ADSL modem, the other - for communicating with the rest of the
> computers.
> --- Omer
> There is no IGLU Cabal. Problems do get solved even without such a formal
> organization.
> WARNING TO SPAMMERS: see at http://www.zak.co.il/spamwarning.html