[kwlug-disc] No web on LAN - but everything else works...
unsolicited
unsolicited at swiz.ca
Wed Dec 17 13:07:57 EST 2008
Any success if you web out to a non-80 port? e.g.
http://myremoteadmin.com:8080?

    telnet google.ca 80
    get abc.txt

reveal anything interesting, like nada, or garbled text?

L.D. Paniak wrote, On 12/17/2008 12:22 PM:
> It's a cable modem and the MTU is reported at 576. I thought this was
> ridiculously low. Nowhere near the 1500/1492 I'd expect.
>
> I'll give ping a try with big packets.
>
>
> john at netdirect.ca wrote:
>> This isn't a comprehensive response but how about MTU? Is it possible that the MTU for the DSL is too large and packet fragmentation is causing problems with large packets? Use ping options that create large payloads for testing.
>>
>>
>>
>> ----- Original Message -----
>> From: "L.D. Paniak" [ldpaniak at fourpisolutions.com]
>> Sent: 12/17/2008 12:10 PM EST
>> To: kwlug-discussion <kwlug-disc at kwlug.org>
>> Subject: [kwlug-disc] No web on LAN - but everything else works...
>>
>>
>>
>> OK, I'm at my wit's end with this one. Maybe you guys and gals can
>> point out what I'm missing.
>>
>> Background: Samba fileserver running Debian Lenny with Shorewall
>> firewall connected to (dhcp) cable modem on eth0 and a lan on br0 (a
>> bridge of lan on eth1, openvpn tap0 and an admin network on eth2).
>>
>> modem -- eth0 -- shorewall -- br0 (eth1,2 and tap0)
>>
>> Everything worked well until last Thursday when a power outage resulted
>> in an 'awkward' shutdown.
>>
>> On reboot, there was no network connectivity on eth0 and eth1. Both
>> ports are on a dual-port Intel e1000 gigabit card. Apparently the
>> onboard nvram became corrupted. Reflashing the card fixed that and
>> restored network connectivity (mostly - read on).
>>
>> Now from the server, all connectivity to the Internet (including
>> http/https) and the LAN is OK. Speeds good, no packet problems reported
>> in ifconfig. From the LAN, Samba is there along with other machines on
>> the LAN and all internet services are good with excellent speed.
>>
>> The problem is with Internet access from computers on the LAN. A
>> computer on the LAN has no web access. Strangely, e-mail works and
>> Skype can log in. Pings from the LAN to the internet work and name
>> resolution is good, i.e. ping google.ca gives a good result.
>>
>> It seems that the server is refusing to return requested Internet web
>> traffic to the appropriate LAN client. NAT is configured in Shorewall
>> via the masq file. Here it looks like:
>>
>> eth0 br0
>>
>> Very simple and worked until last Friday.
>>
>> Is there something I should be looking for in iptables? Why should
>> e-mail be different than web traffic - I do not differentiate anywhere
>> in the firewall? Is there something 'stuck'?...
>>
>> Thanks for any and all insight!
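
The large-payload ping test suggested in the thread, as an added example that is not part of the original messages: a shell function that binary-searches for the largest packet that crosses the path with Don't Fragment set. A default ping carries only 56 bytes of data, so it can succeed while full-size web responses are dropped. The example assumes Linux iputils `ping`; the names `probe` and `find_path_mtu` are chosen here.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest IP packet that
# crosses a path without fragmentation.
# IPv4 header (20) + ICMP header (8) = 28 bytes on top of the ping payload.
OVERHEAD=28

# probe HOST PAYLOAD: succeed if one echo request with DF set gets a reply.
# Linux iputils ping: -M do forbids fragmentation, -s sets the payload
# size, -W 2 waits at most two seconds for the reply.
probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW_MTU] [HIGH_MTU]
# Binary-searches between LOW_MTU and HIGH_MTU (defaults 576 and 1500, the
# two values mentioned in the thread) and prints the largest MTU that
# passes. Returns 1 if even LOW_MTU does not get through.
find_path_mtu() {
    host=$1
    lo=${2:-576}
    hi=${3:-1500}
    probe "$host" $((lo - OVERHEAD)) || return 1
    while [ "$lo" -lt "$hi" ]; do
        # Round up so the search always makes progress when hi = lo + 1.
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" $((mid - OVERHEAD)); then
            lo=$mid
        else
            hi=$((mid - 1))
        fi
    done
    echo "$lo"
}

# Usage, run once on the firewall and once on a LAN client:
#   find_path_mtu google.ca
```

Comparing the result from the server with the result from a LAN client shows whether the bridge/NAT hop lowers the usable packet size.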