On 4/17/12 9:44 AM, Bruce Edge wrote:
> On Mon, Apr 16, 2012 at 3:26 PM, Tom Eastep <firstname.lastname@example.org> wrote:
> On 04/16/2012 03:21 PM, Bruce Edge wrote:
> > On Mon, Apr 16, 2012 at 2:28 PM, Tom Eastep <firstname.lastname@example.org> wrote:
> > On Apr 16, 2012, at 1:48 PM, Bruce Edge <email@example.com>
> >> Shorewall is, in general, working fine. Much better than ufw.
> >> I have one single problem with one single web site on a 2
> >> interface fw.
> >> If I plug into my cable modem directly, this site works fine.
> >> I cannot access: https://www5.v1host.com/ from behind shorewall.
> >> In fact, I can't get to it even from the fw itself.
> >> With the cable modem on eth0 of my fw, neither machines behind it
> >> on eth1 nor the fw itself can get this one specific web site.
> > If you temporarily 'shorewall clear', can you access the site from
> > the fw? (be sure to 'shorewall start' after testing.)
> > Tom
> > No, that's the part I don't understand. Even that doesn't work.
> > Just to re-iterate for clarity, even after a "shorewall clear" I still
> > cannot access that site from either the fw or any machines behind it.
> Then I'm afraid that your problem has nothing to do with your Shorewall
> Not surprisingly, you were right.
> Just to follow up in case this helps anyone else, I fixed this by forcing
> my MTU to 1500 on both interfaces.
> No clue why I only saw this on one specific site.
A misconfigured router between you and that site is breaking path MTU
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________