Description of problem:
Using FC5 as Gateway enabling MASQ for LAN, I cannot browse http URLs.

Version-Release number of selected component (if applicable):
FC5 (Bordeaux)

How reproducible:
From a box in a LAN with FC5 as Gateway browse http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp

Steps to Reproduce:
1. Install FC5
2. Connect a box thru ethX (XP in my case)
3. Connect FC5 to internet (i.e. ueagle-atm module with pppd -ppd options as described in your Fedora page for eagle-usb modems)
4. Use following iptable:

# Reset Default Policies
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

# Flush all rules
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F

# Erase all non-default chains
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

5. From box connected in step 2, browse this URL: http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp

Actual results:
browser timing out.

Expected results:
Show URL

Additional info:
I think you should use masquerading.
(In reply to comment #1)
If I had not been using MASQ, how do you think that I can see this page? In fact I can see a lot of URLs in this machine using FC5 as Gateway, but NOT the one I am reporting. I repeat that address: http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp
Can you please perform these tests with a linux box in your network:

1) ping www.hsbc.com.ar
2) traceroute www.hsbc.com.ar
3) lynx http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp

You wrote: "Use following iptable" and there is no masquerading rule in there.
(In reply to comment #3)
> Can you please perform these tests with a linux box in your network:
>
> 1) ping www.hsbc.com.ar
> 2) traceroute www.hsbc.com.ar
> 3) lynx http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp
>
> You wrote: "Use following iptable" and there is no masquerading rule in there.
>

Sorry about misunderstanding, I tried to avoid all rules to trace the problem, so please add to the previous rules the following:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o XXX -j MASQUERADE

(where XXX = your interface)

Here are the results of tests (numbered in same order as yours)

Result of 1:

# ping www.hsbc.com.ar
PING www.hsbc.com.ar (200.5.78.16) 56(84) bytes of data.

--- www.hsbc.com.ar ping statistics ---
801 packets transmitted, 0 received, 100% packet loss, time 799957ms

=============================
Result of 2:

# traceroute www.hsbc.com.ar
traceroute to www.hsbc.com.ar (200.5.78.16), 30 hops max, 38 byte packets
 1  pclinux (192.168.1.2)  0.266 ms  0.184 ms  0.308 ms
 2  200.51.241.235 (200.51.241.235)  16.557 ms  12.484 ms  11.829 ms
 3  192.168.99.234 (192.168.99.234)  11.851 ms  11.874 ms  11.952 ms
 4  200.73.185.130 (200.73.185.130)  11.956 ms  11.895 ms  11.914 ms
 5  200.73.172.41 (200.73.172.41)  11.981 ms  14.875 ms  14.962 ms
 6  npcR06-tibR01-02775.metrored.net.ar (200.49.69.217)  62.939 ms  32.746 ms  32.790 ms
 7  host089201.metrored.net.ar (200.49.89.201)  56.773 ms  104.855 ms  131.919 ms
 8  host129242.metrored.net.ar (200.59.129.242)  275.908 ms  159.089 ms  116.939 ms
 9  * * *
10  * * *

=================================
Result of 3:

# rpm -i /media/cdrecorder/Fedora/RPMS/lynx-2.8.5-18.i386.rpm
# lynx http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp
Making HTTPS connection to hbsrv.pcbanking.hsbc.com.ar ~

========================================================
Comments about result 3: it hangs with the last message shown.

General comments: these results are similar (without performing above tests) to the ones performed on an XP box. (Hanging of page)
Your FC5 gateway seems to work, because the packages are going out - see the traceroute output. Are you sure, that this is a problem with FC-5 only?
(In reply to comment #5)
> Are you sure, that this is a problem with FC-5 only?

Sorry, I don't have any other gateway to check. This problem appeared after FC5 installation, and with different browsers as you can see, i.e. Lynx, Netscape, Firefox, etc. Though I cannot browse from the LAN, I can still browse the problematic URL from the gateway itself. Do you have any FC5 Gateway to check all this?
Changing MTU on client machine solves the problem. Description: on FC5 ueagle-usb driver is within distribution. This also changes link configuration as from previous drivers. One of the changes is MTU size now changed to 1492. As a result, some http flow hangs. I changed MTU on client machine to 1454 (using DRTCP) and now I can browse those sites.
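
The last comment resolves the hang by lowering the MTU on each client; the same effect can be had once, on the gateway, by rewriting the MSS option of forwarded TCP SYN packets. The script below is an added example, not part of the original bug thread: it prints (or, with APPLY=1, runs) the MASQUERADE rule quoted above plus two TCPMSS rules sized for the WAN link. Assumptions: the interface name ppp0, the variable names WAN_IF, WAN_MTU and APPLY, and a kernel that provides the TCPMSS target in the mangle table.

```shell
#!/bin/sh
# Added example, not from the bug thread. Dry run by default; APPLY=1 executes.

# Largest TCP MSS that fits one packet at the given MTU:
# MTU - 20 (IPv4 header) - 20 (TCP header, no options).
mss_for_mtu() {
    mtu=$1
    case "$mtu" in
        ''|*[!0-9]*) echo "invalid MTU: $mtu" >&2; return 1 ;;
    esac
    # 576..1500 covers Ethernet-derived links such as the one in the thread.
    if [ "$mtu" -lt 576 ] || [ "$mtu" -gt 1500 ]; then
        echo "MTU out of range: $mtu" >&2; return 1
    fi
    echo $((mtu - 40))
}

# Print the gateway rules, one per line. Arguments: WAN interface, WAN MTU.
gateway_rules() {
    wan=$1
    mss=$(mss_for_mtu "$2") || return 1
    # NAT rule quoted in the thread.
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
    # Rewrite the MSS option in forwarded SYN and SYN/ACK packets, one rule
    # per direction, so neither end sends segments the WAN link cannot carry.
    echo "iptables -t mangle -A FORWARD -o $wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
    echo "iptables -t mangle -A FORWARD -i $wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
}

# Show the rules, or execute them as root when APPLY=1.
run_rules() {
    rules=$(gateway_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            $rule || echo "failed: $rule" >&2
        else
            echo "[dry-run] $rule"
        fi
    done
}

# ppp0 is an assumed interface name; 1492 is the link MTU reported in the thread.
run_rules "${WAN_IF:-ppp0}" "${WAN_MTU:-1492}"
```

Running it with WAN_MTU=1454 gives an MSS of 1414, which matches the client-side MTU the reporter found to work.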