Re: ipchains conversion

Paul Rusty Russell (
Mon, 06 Sep 1999 05:21:51 +0930

In message <000801bef6d7$ff5a44a0$> you write:
> Rusty

[ Cc'd to Juanjo and linux-net: looks like a fragment reassembly
problem? Anyone seen this with OS/2 before? ]

> I've tried it with masquerading and without, same results either way.
> All other services work.
> No true proxy, just ipchains.
> I have some new findings.
> The traffic is affected both directions for all HTTP, server or client. I
> have an Apache server running on the OS/2 machine and I get the same
> messages when trying to connect to it from the internet.
> A TCPDUMP is squawking about fragments and timing out during "ip
> reassemble".

I think I'm going to need a copy of that tcpdump output. Make sure
you use `-n'.


> -----Original Message-----
> From: [] On Behalf Of Paul
> Rusty Russell
> Sent: Thursday, September 02, 1999 1:40 PM
> To:
> Subject: Re: ipchains conversion
> In message <> you write:
> > Paul,
> >
> > I've been searching the net for info on this issue and your expertise
> > keeps popping up in my results list. I hope you answer questions like
> > this. I just converted from Redhat 5.2 to Redhat 6.0 and consequently
> > moved from ipfwadm to ipchains. Under the new configuration, an OS/2
> > machine on the network can no longer connect to HTTPD sites. Telnet and
> > FTP continue to work, although slow. When I try to connect I receive a
> > "Broken Pipe" from Netscape. I can connect to the site, but never
> > receive any data back.
> How wierd. Are you masquerading? Does everything else work? Is the
> OS/2 machine trying to connect directly, or use an http proxy (what do
> you mean by HTTPD sites?).
> A tcpdump (ideally from an unrelated machine on the same network as
> the OS/2 box) might help here...
> Curious,
> Rusty.
> --
> Hacking time.

Hacking time.
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to