[kwlug-disc] No web on LAN - but everything else works...

john at netdirect.ca john at netdirect.ca
Wed Dec 17 12:18:17 EST 2008

This isn't a comprehensive response but how about MTU? Is it possible that the MTU for the DSL is too large and packet fragmentation is causing problems with large packets? Use ping options that create large payloads for testing.

----- Original Message -----
From: "L.D. Paniak" [ldpaniak at fourpisolutions.com]
Sent: 12/17/2008 12:10 PM EST
To: kwlug-discussion <kwlug-disc at kwlug.org>
Subject: [kwlug-disc] No web on LAN - but everything else works...


OK, I'm at my wit's end with this one.  Maybe you guys and gals can
point out what I'm missing.

Background:  Samba fileserver running Debian Lenny with Shorewall
firewall connected to (dhcp) cable modem on eth0 and a lan on br0 (a
bridge of lan on eth1, openvpn tap0 and an admin network on eth2).

modem -- eth0 -- shorewall -- br0 (eth1,2 and tap0)

Everything worked well until last Thursday when a power outage resulted
in an 'awkward' shutdown.

On reboot, there was no network connectivity on eth0 and eth1.  Both
ports are on a dual-port Intel e1000 gigabit card.  Apparently the
onboard nvram became corrupted.  Reflashing the card fixed that and
restored network connectivity (mostly - read on).

Now from the server, all connectivity to the Internet (including
http/https) and the LAN is OK.  Speeds good, no packet problems reported
in ifconfig.  From the LAN, Samba is there along with other machines on
the LAN and all internet services are good with excellent speed.

The problem is with Internet access from computers on the LAN.  A
computer on the LAN has no web access.  Strangely, e-mail works and
Skype can log in.  Pings from the LAN to the internet work and name
resolution is good.  i.e. ping google.ca gives a good result.

It seems that the server is refusing to return requested Internet web
traffic to the appropriate LAN client.  NAT is configured in Shorewall
via the masq file.  Here it looks like:

eth0	br0

Very simple and worked until last Friday.

Is there something I should be looking for in iptables?  Why should
e-mail be different than web traffic - I do not differentiate anywhere
in the firewall? Is there something 'stuck'?...

Thanks for any and all insight!
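
The large-payload ping test suggested in the reply, written out as an added example that is not part of either message. It assumes Linux iputils `ping` (`-M do` sets Don't Fragment, `-s` sets the payload size); the function names `probe`, `find_max_payload` and `path_mtu` are made up for this sketch.

```shell
#!/bin/sh
# Added example: find the largest ICMP echo payload that crosses a path
# without fragmentation, then derive the usable IPv4 path MTU from it.
# Assumes Linux iputils ping; function names are illustrative only.

# probe HOST PAYLOAD: succeed if one echo with Don't Fragment set and
# PAYLOAD data bytes gets a reply within 2 seconds.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LO] [HI]: binary search for the largest payload
# that passes. Defaults cover 576-byte to 1500-byte IPv4 packets.
# Prints the payload size; returns 1 if even LO gets no reply.
find_max_payload() {
    host=$1 lo=${2:-548} hi=${3:-1472}
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid            # mid fits: search upward
        else
            hi=$(( mid - 1 ))  # mid was dropped: search downward
        fi
    done
    echo "$lo"
}

# path_mtu HOST [LO] [HI]: payload + 20-byte IPv4 header + 8-byte ICMP header.
path_mtu() {
    payload=$(find_max_payload "$@") || return 1
    echo $(( payload + 28 ))
}

# Run as: sh pmtu.sh google.ca   (run it from a LAN client and from the
# firewall itself, then compare the two results)
if [ "$#" -gt 0 ]; then
    if mtu=$(path_mtu "$@"); then
        echo "largest unfragmented IPv4 packet to $1: $mtu bytes"
    else
        echo "no reply from $1 even at the smallest probe size" >&2
        exit 1
    fi
fi
```

A result below 1500 from the LAN side while the LAN interfaces are still set to 1500 would fit the symptom described: small exchanges (ping, DNS) succeed while full-size HTTP responses stall.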