Firewall won't let win98 in ???

Firewall won't let win98 in ???

[Jerry M. Howell II]

I know this might sound a bit strange but has anyone ever had the
problem were the firewall will let linux, freebsd, win2k, and winxp by
but noone that seems to run win98 can access my webserver at all. My
clients that run it can't pull in e-mail, nor ssl, or even a simple
webpage. All other O/S'es seem to access it just fine. Anyone have any
clues as to what I need to do to allow win98 and possably win95 past the
firewall besides putting DNS on a seperate server?
-- 
Jerry M. Howell II

RE: Firewall won't let win98 in ???

[Willem-Jan Meijer]

netfilter-admin@lists.netfilter.org
<mailto:netfilter-admin@lists.netfilter.org> schreef op maandag 9 juni 2003
5:17:

> I know this might sound a bit strange but has anyone ever had the
> problem were the firewall will let linux, freebsd, win2k, and winxp
> by but noone that seems to run win98 can access my webserver at all.
> My clients that run it can't pull in e-mail, nor ssl, or even a
> simple webpage. All other O/S'es seem to access it just fine. Anyone
> have any clues as to what I need to do to allow win98 and possably
> win95 past the firewall besides putting DNS on a seperate server?    

I think this has to do with your webserver. Try this at an apache mailing 
List.

HTH,

-WJ

Windows: Where do you want to go today?
MacOS:   Where do you want to be tomorrow?
Linux:   Are you coming or what?

Re: Firewall won't let win98 in ???

[Alistair Tonner]

On June 8, 2003 11:16 pm, Jerry M. Howell II wrote:
> I know this might sound a bit strange but has anyone ever had the
> problem were the firewall will let linux, freebsd, win2k, and winxp by
> but noone that seems to run win98 can access my webserver at all. My
> clients that run it can't pull in e-mail, nor ssl, or even a simple
> webpage. All other O/S'es seem to access it just fine. Anyone have any
> clues as to what I need to do to allow win98 and possably win95 past the
> firewall besides putting DNS on a seperate server?

-- 
	I've run into something odd with win98 and iptables once myself.
	I had 1 (one) of 3 win98 clients that *could not* connect correctly 
	to the webserver/FTP/ssh servers from inside the firewall, but
	could surf the internet, connect to outside services etc.... 

	I belive that it had to do with win98 IPMTU discovery being
	turned off.  I had to completely remove the registry entries regarding
	networking and then reinstall the networking compnents.

	The root cause was one of those freeware *improve your internet
	surfing speed* applications that *tunes* the windows networking 	
	settings. (and apparently does a terrible job at it since it turns off
	IPMTU discovery!!!!) 

	Other possible issue.  -- *IF* you are connected to DSL on the outside, 
	are you running an MTU clamp?? (Something like :)
	iptables -A FORWARD -s $INSIDE_SEGMENT -d 0.0.0.0 -m TCPMSS \ 
	-j --clamp-mss-to-pmtu ??
	If the clients can surf the web, but cannot connect to the firewall host,
	you might want to put that in the input chain as well..

	If you aren't running one at all, I'd *very* strongly reccoment the function
	as it cures many connection ills with b0rked TCP stacks that do not 
	conform to the standards.

	win98 (original retail) and win95 have rather nonstandard TCP stacks.
	


	Alistair Tonner
	nerdnet.ca
	Senior Systems Analyst - RSS
	
     Any sufficiently advanced technology will have the appearance of magic.
	Lets get magical!