On Mon, Apr 16, 2012 at 3:26 PM, Tom Eastep <[email protected]> wrote:

> On 04/16/2012 03:21 PM, Bruce Edge wrote:
> >
> >
> > On Mon, Apr 16, 2012 at 2:28 PM, Tom Eastep <[email protected]> wrote:
> >
> >
> >     On Apr 16, 2012, at 1:48 PM, Bruce Edge <[email protected]> wrote:
> >
> >>     Shorewall is, in general, working fine. Much better than ufw imho.
> >>
> >>     I have one single problem with one single web site on a 2
> >>     interface fw.
> >>
> >>     If I plug into my cable modem directly, this site works fine.
> >>
> >>     I cannot access: https://www5.v1host.com/ from behind shorewall.
> >>     In fact, I can't get to it even from the fw itself.
> >>
> >>     With the cable modem on eth0 of my fw, neither machines behind it
> >>     on eth1 nor the fw itself can get this one specific web site.
> >
> >     If you temporarily 'shorewall clear', can you access the site from
> >     the fw? (be sure to 'shorewall start' after testing.)
> >
> >     Tom
> >
> >
> > No, that's the part I don't understand. Even that doesn't work.
> >
> > Just to re-iterate for clarity, even after a "shorewall clear" I still
> > cannot access that site from either the fw or any machines behind it.
>
> Then I'm afraid that your problem has nothing to do with your Shorewall
> configuration.
>
>
Not surprisingly, you were right.

Just to follow up in case this helps anyone else, I fixed this by forcing my
MTU to 1500 on both interfaces.
No clue why I only saw this on one specific site.

Thanks for being patient with the clueless.

-Bruce
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
