On 7/17/10 7:47 PM, Jamie Kline wrote: > Hi Folks, > > I've been toying with Linux on and off for the past 10years, but 'have > been off the wagon so-to-speak for a few so please bear with me. > > Fresh install of Slackware, kernel 2.6.29 > Shorewall 4.4.10 > > eth0 is direct to dynamic-IP cable modem > eth1 is static IP, 192.168.0.1/24 > testing 'client' (XP) behind firewall is static 192.168.0.2/24 with > DNS manually defined (for now) > Configured Shorewall per '2-interface' example. > > What DOES work: > 1-access out of eth0 (from linux box) to net - port 80 and 21 work fine > 2-ICMP both ways between testing client and eth1 > 3-ICMP from client to net > 4-DNS is resolving for client > 5-*partial* FTP connection from client to net (see below) > > What DOESN'T work: > 1-Browser access from client to net > 2-FTP will connect to ftp.ni.com, but after (anonymous) login, only > *three lines* of banner displays, then pukes out. > > FTP immediately tested thereafter from linux box and it works fine - > full banner, I can pull down files, etc. > > The log dump was taken after: > 1-shorewall restart > 2-client attempt to browse to www.google.com (failed) > 3-client pinged www.google.com (worked) > 4-client ftp to ftp.ni.com (partially worked, as described above). > > Any suggestions are greatly appreciated. I'm not sure if you can > (easily) discern the contents of my configuration files from the log > dump, so if you'd like to see them, by all means just ask.
Please see if setting CLAMPMSS=Yes in shorewall.conf helps. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
