On Tue, 2004-05-04 at 09:30, Peter Rundle wrote:
> Sluggers,
>
> I'm hoping that someone can shed some light on this problem, otherwise
> I must be going mad.
>
> I have two linux boxen, one of which is an internet gateway
> masquerading for the other using iptables. When I try to access a web
> site using Mozilla from the masqueraded box it fails miserably waiting
> forever for the reply packets. However, if I telnet to port 80 of the
> site I get an immediate response. I can also ssh out to other servers
> on the net no problems. Now before you jump to any conclusions, the
> advanced proxy settings in Mozilla are set to direct connection to the
> internet.
>
> Now things get really weird. If I run squid on the gateway and use an
> iptables redirect of 80 to 3128 (Rob's comments about transparent
> proxying notwithstanding) then Mozilla is happy as Larry. ???

Ok, here's a checklist to run on the machine running mozilla (with the
interception rule in iptables disabled):

1) dig/host/ping bad-web-address
   We are just looking for correct name resolution - we don't need to
   actually ping.

2) telnet <address> 80
   Type in between the ==='s (case unfortunately matters on some
   servers):
===
GET / HTTP/1.1
Host: <the-host>

====

If this gives you the web page, then mozilla is whacked. Chances are
though that something will break. If everything is fine until the second
CR, then you probably have an MTU issue. See man iptables and put an MSS
clamp rule in as they describe.

Rob

--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
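
The MSS clamp rule referred to in the reply above, as an added example that is not part of the original message: the script prints the rule for a masquerading gateway and checks a rule listing for it. The interface name ppp0, the 1492-byte MTU and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: IPv4 with no IP or TCP options (20 + 20 header
# bytes), and "ppp0" as a placeholder name for the gateway's outside interface.

# Largest TCP payload that fits in one packet of the given MTU.
mss_for_mtu() {
    case $1 in ''|0*|*[!0-9]*) echo "MTU must be a whole number" >&2; return 1 ;; esac
    [ "$1" -gt 40 ] || { echo "MTU too small for IPv4 + TCP headers" >&2; return 1; }
    echo $(( $1 - 40 ))
}

# Print (not apply) the clamp rule for forwarded traffic leaving interface $1.
# With an MTU in $2 the MSS is pinned; without it the kernel follows the path MTU.
clamp_rule() {
    base="iptables -t mangle -A FORWARD -o $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS"
    if [ -n "${2:-}" ]; then
        mss=$(mss_for_mtu "$2") || return 1
        echo "$base --set-mss $mss"
    else
        echo "$base --clamp-mss-to-pmtu"
    fi
}

# Read rules in `iptables -t mangle -S` format on stdin; succeed only if a
# FORWARD rule rewrites the MSS on SYN packets.
has_mss_clamp() {
    grep -Eq -- '^-A FORWARD .*--tcp-flags SYN,RST SYN .*-j TCPMSS (--clamp-mss-to-pmtu|--set-mss [0-9]+)'
}

# Constructed sample of a gateway's mangle table after the rule is loaded.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu'

clamp_rule ppp0          # follow the path MTU
clamp_rule ppp0 1492     # PPPoE-sized link: pins the MSS to 1452
printf '%s\n' "$SAMPLE_RULES" | has_mss_clamp && echo "clamp present"
```

On a live gateway, pipe `iptables -t mangle -S FORWARD` into `has_mss_clamp` instead of the sample text.
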

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html