rp-l2tpd iptables and rh9 but no google

rp-l2tpd iptables and rh9 but no google

[Rob Verduijn]

Hi there,

I've got this curious problem with netfilter.

On my gateway pc I'm running rh9 and am keeping it up to date with the
up2date utility.
I've got a motorola cable modem connected to my network card eth1 (DHCP my
isp requires this, range is something from 10.0.0.0/21 don't ask me why /21)
Over this connection I set up tunnel using l2tp (rp-l2tpd 0.3) which is ppp0
(DHCP again, couple of class c range addresses)
My internal network is connected to eth0 (192.168.0.1/24)

My default policys are accept for everything

I did
echo 1 > /proc/sys/net/ipv4/ip_forward

and

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

set the gateway to the other end of the ppp tunnel

From on my network I can happely surf the web to almost any page from a pc
that has his gateway set to 10.0.0.1
(And the proper dns entrys network card drivers etc,etc..)

But I can't surf to www.google.com

I can ping google so icmp seems to work but I can't surf the web for google.
Neither windows nor linux will work.

However if I log in to my gateway start mozilla and surf to google it works
fine.

I'm I forgetting something? (Obviously, but what?)

Does anybody know why I can't surf to google via my gateway?

Many thanx

oh before I forget this is where i got the rp-l2tpd
http://sourceforge.net/projects/rp-l2tp/
running version rp-l2tpd-0.3

Re: rp-l2tpd iptables and rh9 but no google

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 540 bytes --]

Le ven 18/07/2003 à 21:01, Rob Verduijn a écrit :
> Hi there,
> 
> I've got this curious problem with netfilter.

> I did
> echo 1 > /proc/sys/net/ipv4/ip_forward

> 
> I can ping google so icmp seems to work but I can't surf the web for google.
> Neither windows nor linux will work.

You may have look to the MTU, with encapsulation in L2TP you loose some
bytes.
To test try increase your ping size with the -s option.

If it is working with -s 1500 then try to look at tcpmss.

BR,
-- 
Eric Leblond <eric@regit.org>

[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

RE: rp-l2tpd iptables and rh9 but no google

[Rob Verduijn]

Hi again,

I've set my MTU on eth0 eth1 and ppp0 to 1472
Ive been playing around with tcpdump
I gave the following command
tcpdump -i ppp0 -w dumptcp
When I surf to www.redhat.com everything goes wel and I get all kinda output
in my file
But when I surf to google I get nothing, no output whatsoever.
Did I give in the wrong syntax?

Regards
Rob



-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Eric Leblond
Sent: vrijdag 18 juli 2003 21:49
To: netfilter@lists.netfilter.org
Subject: Re: rp-l2tpd iptables and rh9 but no google


Le ven 18/07/2003 à 21:01, Rob Verduijn a écrit :
> Hi there,
>
> I've got this curious problem with netfilter.

> I did
> echo 1 > /proc/sys/net/ipv4/ip_forward

>
> I can ping google so icmp seems to work but I can't surf the web for
google.
> Neither windows nor linux will work.

You may have look to the MTU, with encapsulation in L2TP you loose some
bytes.
To test try increase your ping size with the -s option.

If it is working with -s 1500 then try to look at tcpmss.

BR,
--
Eric Leblond <eric@regit.org>

RE: rp-l2tpd iptables and rh9 but no google

[Aldo S. Lagana]

I had a funky issue that was similar and it turned out that I had the wrong
subnet mask on my internet interface.  Coincidentally, my network also
started with 64. (I think) - the same as google; but because my subnet mask
was wrong, I could not see google!


-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Rob Verduijn
Sent: Monday, July 28, 2003 4:19 PM
To: netfilter@lists.netfilter.org

Hi again,

I've set my MTU on eth0 eth1 and ppp0 to 1472
Ive been playing around with tcpdump
I gave the following command
tcpdump -i ppp0 -w dumptcp
When I surf to www.redhat.com everything goes wel and I get all kinda output
in my file
But when I surf to google I get nothing, no output whatsoever.
Did I give in the wrong syntax?

Regards
Rob



-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Eric Leblond
Sent: vrijdag 18 juli 2003 21:49
To: netfilter@lists.netfilter.org
Subject: Re: rp-l2tpd iptables and rh9 but no google


Le ven 18/07/2003 à 21:01, Rob Verduijn a écrit :
> Hi there,
>
> I've got this curious problem with netfilter.

> I did
> echo 1 > /proc/sys/net/ipv4/ip_forward

>
> I can ping google so icmp seems to work but I can't surf the web for
google.
> Neither windows nor linux will work.

You may have look to the MTU, with encapsulation in L2TP you loose some
bytes.
To test try increase your ping size with the -s option.

If it is working with -s 1500 then try to look at tcpmss.

BR,
--
Eric Leblond <eric@regit.org>

RE: rp-l2tpd iptables and rh9 but no google

[Rob Verduijn]

Hi there,

Sorry that's not it, either that or my ISP is handing out incorrect
subnet masks with it's dhcp server :P

I saw that part of my problem fell off the last message

Short version
Turned on Ip forwarding
Brought up eth1 (dhcp)
Brought up ppp0 (also dhcp)
Turned on masquerading
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

On the gateway I can surf to www.redhat.com and www.google.com
On the client I can only surf to www.redhat.com
I cannot surf to www.google.com on the client

maximum packetsize with ping -s = 1472 (on gateway)
ping -s 1472 www.google.com
with bigger packets I get no answer

Maximum packetsize with ping -s on client is even smaller

I've been told to check the tunnel with tcpdump, but I get no output
when surfing to www.google.com

Regards
Rob


On Mon, 2003-07-28 at 22:30, Aldo S. Lagana wrote:
> I had a funky issue that was similar and it turned out that I had the wrong
> subnet mask on my internet interface.  Coincidentally, my network also
> started with 64. (I think) - the same as google; but because my subnet mask
> was wrong, I could not see google!
> 
> 
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Rob Verduijn
> Sent: Monday, July 28, 2003 4:19 PM
> To: netfilter@lists.netfilter.org
> 
> Hi again,
> 
> I've set my MTU on eth0 eth1 and ppp0 to 1472
> Ive been playing around with tcpdump
> I gave the following command
> tcpdump -i ppp0 -w dumptcp
> When I surf to www.redhat.com everything goes wel and I get all kinda output
> in my file
> But when I surf to google I get nothing, no output whatsoever.
> Did I give in the wrong syntax?
> 
> Regards
> Rob
> 
> 
> 
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Eric Leblond
> Sent: vrijdag 18 juli 2003 21:49
> To: netfilter@lists.netfilter.org
> Subject: Re: rp-l2tpd iptables and rh9 but no google
> 
> 
> Le ven 18/07/2003 à 21:01, Rob Verduijn a écrit :
> > Hi there,
> >
> > I've got this curious problem with netfilter.
> 
> > I did
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> >
> > I can ping google so icmp seems to work but I can't surf the web for
> google.
> > Neither windows nor linux will work.
> 
> You may have look to the MTU, with encapsulation in L2TP you loose some
> bytes.
> To test try increase your ping size with the -s option.
> 
> If it is working with -s 1500 then try to look at tcpmss.
> 
> BR,
> --
> Eric Leblond <eric@regit.org>
> 
> 
> 
> 
>