Solved

IP Masquerade/TCP-IP Problem

Posted on 1998-04-01
13
426 Views
Last Modified: 2013-12-05
Okay, here's the scoop.  I have a redhat 5.0 box (2.0.32) with the Following Vital stats-
-Pentium 90
-16 Megs of RAM
-290 Meg Hard Drive
-Two NE2000 cards
-2meg Cirrus PCI graphics card

I had Masquerade working with Slackware 96, but then my hard drive died and I figured I'd reinstall everything from scratch with Redhat 5. Using the exact same network configuration, ip masquerading does not work.

I have a cable modem, with ip address 24.2.80.* (last digit obscured to protect the innocent).
My private network is on the 192.168.2.* subnet, with my linux box having 192.168.2.1.
The command "cat /proc/sys/net/ipv4/ip_masquerade" returns a "1" value
My ipfwadm commands are as follows (I'm using the default kernel, but that comes with masq support built-in)-
ipfwadm -If
ipfwadm -Of
ipfwadm -Ff
ipfwadm -Ip accept
ipfwadm -Op accept
ipfwadm -Fp deny
ipfwadn -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

I've also tried ipfwadm -F -a masquerade -S 192.168.2.0/24 -D 0.0.0.0/0, but that doesn't work either. My win95 box has a proper IP address, has 192.168.2.1 set as the gateway, and can ping the Linux box with no problem.   My routing tables are as follows.

Destination        Gateway         Genmask         Flags     Metric  Ref Use Iface
192.168.2.0            *               255.255.255.0   U                0          0   0  eth1
loopback                 *               255.0.0.0            U                0          0    1  lo
default                 24.2.80.1    255.255.255.0    UG             0         0    0  eth0
24.2.80.0                *               255.255.255.0    U               0          0     0 eth0
(it's right after a reboot)

From the Linux box, I can ping any box on either side of the network, but I can't ping my router (24.2.80.1) from the internal network.  I don't know if ICMP masquerading is enabled, so I tried to also do name server lookups and http requests from my internal machine to home.netscape.com and my school's web server. Nothing.  

I went and got tcpdump and installed it, then watched some sessions between my Linux box and the win95 machine (i.e. tcpdump -i eth1).  When it tried to ping the router, I just got a whole string of "ICMP Echo Request"s to the router from the win95.  But on the other side (tcpdump -i eth0), there was no masqueraded Echo Requests being sent.
Then I tried telnetting to my Linux box from my win95 box.  IT just simply didn't work. So, I tcpdumped the output of an attempted telnet session, and saw that my win95 box sent out four packets with a destination ip address of my Linux box, and my Linux box never sent a single packet.   My tcp_wrappers script allows telnet requests in, and my ipfwadm policies allow incoming packets.
 Then I wasn't sure if tcpdump would show my outgoing packets from the Linux box.  So I tried telnetting from the Linux box to the win95 (I know the win95 machine doesn't have a telnet server. I just wanted to see what would happen) and tcpdumped the output.  It showed my Linux box sending a packet, the win95 box responding, etc., etc. but my Linux box never came back with "Connection Refused".  It just timed out.  Hoping it was a win95 problem, I reinstalled the win95 networking drivers, but that didn't work either.  Then I tried setting my Linux box's Window and MSS sizes to the same as those sent by the win95 box when it tried to telnet to my machine (Window 8192 MSS 1500). No luck. Does anyone have any clue what it is?  I thinki I've tried everything.  If it's a win95 problem, can anyone tell me how to fix it? Ditto for Linux.  Thank you all very much in advance.

Best Wishes,
Matthew Zito
0
Comment
Question by:mzito
  • 6
  • 2
  • 2
  • +3
13 Comments
 

Expert Comment

by:luteijn
ID: 1637049
I'm using RH 4.2, so you might have some more/different options than I have.
I think your genmask in your routing table is wrong. Fwiw, I use /sbin/ipfwadm -F -p deny ; /sbin/ipfwadm -F -a m -S 10.0.0.0/8 -D 0.0.0.0/0
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
potsgw1.tudelft *               255.255.255.255 UH    0      0        0 ppp0
localnet        *               255.0.0.0       U     0      0       32 eth0
127.0.0.0       *               255.0.0.0       U     0      0        4 lo
default         potsgw1.tudelft 0.0.0.0         UG    0      0       20 ppp0
0
 
LVL 1

Author Comment

by:mzito
ID: 1637050
Sorry, that didn't help. I appreciate the response, though.  Oh, I mistyped something above.  I meant to put: "cat /proc/sys/net/ipv4/ip_forward returns 1".  Hope that didn't cause any confusion
0
 
LVL 1

Author Comment

by:mzito
ID: 1637051
Adjusted points to 220
0
 
LVL 1

Expert Comment

by:mikaj
ID: 1637052
Try this, download program called dotfile-2.1b1
that program is graphical (X11) interface to ipfwadm (generates firewall scripts)
Much easier and faster to create all kind of masq/firewall scripts.
Download it, it is great!!!

 1 -rw-r--r--  882.1K 1997 Sep 18 ftp.imada.ou.dk      /pub/dotfile/dotfile-2.1b1.tar.gz
  2 -r--r--r--  882.1K 1997 Dec  1 ftp.ula.ve           /pub/unix/utilities/dotfile-2.1b1.tar.gz
  3 -r--r--r--  899.3K 1997 Nov  9 ftp.jyu.fi           /.2/redhat/pub/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
  4 -rw-r--r--  899.3K 1997 Nov 10 ftp.pht.com          /.3/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
  5 -rw-r--r--  899.3K 1997 Nov 10 ftp.chg.ru           /.5/Linux/RedHat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
  6 -rw-r--r--  899.3K 1997 Nov 10 ftp.eecs.umich.edu   /.7/linux/redhat_contrib/SRPMS/dotfile-2.1b1-1.src.rpm
  7 -rw-rw-r--  899.3K 1997 Nov 10 ftp.pacificorp.com   /.mirrors/ftp.redhat.com/pub/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
  8 -rw-r--r--  899.3K 1997 Nov 10 ftp.ms.mff.cuni.cz   /MIRRORS/ftp.redhat.com/pub/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
  9 -rw-r--r--  899.3K 1997 Nov  9 ftp.doc.ic.ac.uk     /Mirrors/ftp.redhat.com/pub/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 10 -rw-r--r--  899.3K 1997 Nov 10 ftp.ms.mff.cuni.cz   /OS/Linux/Distributions/Redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 11 -r--r--r--  899.3K 1997 Nov  9 ftp.sinica.edu.tw    /_Operating_System/linux/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 12 -rw-r--r--  899.3K 1997 Nov  9 ftp.cc.gatech.edu    /ac121/linux/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 13 -rw-r--r--  899.3K 1997 Nov  9 ftp.in-chemnitz.de   /afs/pub/linux/redhat-mirror/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 14 -rw-r--r--  899.3K 1997 Nov  9 ftp.inp.nsk.su       /archives_src/linux/RedHat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 15 -rw-r--r--  899.3K 1997 Nov 10 ftp.sunsite.auc.dk   /disk1/ftp.redhat.com/pub/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 16 -rw-r--r--  899.3K 1997 Nov 10 ftp.ua.pt            /disk4/Linux/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 17 -rw-r--r--  899.3K 1997 Nov 10 ftp.dcc.uchile.cl    /dsk/d6/redhatcontrib/SRPMS/dotfile-2.1b1-1.src.rpm
 18 -rw-r--r--  899.3K 1997 Nov 10 sunsite.dcc.uchile.cl /dsk/d6/redhatcontrib/SRPMS/dotfile-2.1b1-1.src.rpm
 19 -r--r--r--  899.3K 1997 Nov  9 ftp.rydnet.lysator.liu.se /export2/linux/distributions/.rh/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 20 -r--r--r--  899.3K 1997 Nov  9 ftp.sun.ac.za        /linux/contrib/redhat/SRPMS/dotfile-2.1b1-1.src.rpm
 21 -rw-r--r--  899.3K 1997 Nov  9 ftp.mpi-sb.mpg.de    /linux/mirror/ftp.redhat.com/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 22 -rw-r--r--  899.3K 1997 Nov 10 ftp.uwsg.indiana.edu /linux/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 23 -rw-r--r--  899.3K 1997 Nov 10 ftp.iut-bm.univ-fcomte.fr /mail/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 24 -rw-r--r--  899.3K 1997 Nov  9 ftp.uni-hohenheim.de /mirror/ftp.redhat.com/pub/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 25 -rw-rw-r--  899.3K 1997 Nov  9 sunsite.cnlab-switch.ch /mirror/linux/distributions/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 26 -rw-r--r--  899.3K 1997 Nov  9 ftp.man.poznan.pl    /mirror/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 27 -rw-r--r--  899.3K 1997 Nov  9 ftp.man.poznan.pl    /mirror1/coast/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 28 -rw-r--r--  899.3K 1997 Nov 10 ftp.flashnet.it      /mirror5/sunsite.unc.edu/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 29 -rw-r--r--  899.3K 1997 Nov 10 ftp.uoknor.edu       /mirrors/linux/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 30 -rw-r--r--  899.3K 1997 Nov 10 ftp.lame.org         /mirrors/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 31 -r--r--r--  899.3K 1997 Nov  9 unix.hensa.ac.uk     /mirrors/sunsite/pub/Linux/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 32 -r--r--r--  899.3K 1997 Nov  9 ftp.informatik.uni-rostock.de /mnt/ftp/ftp02/linux/contrib/SPRMS/dotfile-2.1b1-1.src.rpm
 33 -rw-r--r--  899.3K 1997 Nov 10 ftp.muni.cz          /mount/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 34 -r--r--r--  899.3K 1997 Nov 10 ftp.eu.net           /os/Linux/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 35 -rw-r--r-T  899.3K 1997 Nov  9 ftp.uni-jena.de      /pub/.mounts/disk02/linux/MIRROR.redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 36 -rw-r--r--  899.3K 1997 Nov  9 ftp.saix.net         /pub/Linux/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 37 -rw-r--r--  899.3K 1997 Nov 10 ftp.cs.buffalo.edu   /pub/Linux/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 38 -rw-r--r--  899.3K 1997 Nov  9 ftp.pg.gda.pl        /pub/Linux/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 39 -rwxr-xr-x  899.3K 1997 Nov 10 ftp.ege.edu.tr       /pub/Linux/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 40 -rw-r--r--  899.3K 1997 Nov  9 ftp.pg.gda.pl        /pub/OS/Linux/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 41 -rw-r--r--  899.3K 1997 Nov  9 ftp.pg.gda.pl        /pub/OS/linux/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 42 -r--r--r--  899.3K 1997 Nov  9 sunsite.sut.ac.jp    /pub/archives/linux/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 43 -rw-r--r--  899.3K 1997 Nov  9 ftp.netcraft.com.au  /pub/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 44 -rw-r--r--  899.3K 1997 Nov  9 ftp.redhat.com       /pub/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 45 -rw-r--r--  899.3K 1997 Nov  9 ftp.xyz.lublin.pl    /pub/helios/distributions/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 46 -r--r--r--  899.3K 1997 Nov  9 ftp.sun.ac.za        /pub/linux/contrib/redhat/SRPMS/dotfile-2.1b1-1.src.rpm
 47 -rw-r--r--  899.3K 1997 Nov  9 ftp.med.univ-tours.fr /pub/linux/distributions/redhat-contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 48 -r--r--r--  899.3K 1997 Nov  9 boomer.anu.edu.au    /pub/linux/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 49 -r--r--r--  899.3K 1997 Nov  9 ftp.fri.uni-lj.si    /pub/linux/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm
 50 -rw-r--r--  899.3K 1997 Nov  9 ftp.mathematik.tu-darmstadt.de /pub/linux/distributions/redhat/contrib/SRPMS/dotfile-2.1b1-1.src.rpm

0
 
LVL 1

Expert Comment

by:abidn
ID: 1637053
I have to assume that your Win95 is on the 24.2.80.0 network.
The problem as I see it is that any packets from network
24.2.80.0 have to be forwarded to network 192.168.2.0
before they can reach gateway 192.168.2.1.
However, your firewall rules do not allow that.
There are two solutions/options:

==> Add a new firewall rule just before the masquerade rule:
accept forwarding of packets from 24.2.80.* destined for 192.168.0.*. (This is what I recommend).

or

==> Enable Bridging which is experimental in 2.0.x. Bridging
will make 24.2.80.* and 192.168.2.* networks appear
like one network, and thus (hopefully) forwarding will not
be required.

Other issues: To the best of my knowledge, 2.0.32 kernel has to be patched for ICMP masquerade,and the patch is available in the redhat distribution. Also, I am not sure if you need the -I and
-O rules; -F should be enough, but of course, you know more about your security requirements. Please remember that firewall rules are applied in the order you enter them, and the first rule which can be completely applied pre-empts evaluation of subsequent rules. Finally, I can not explain why the same configuration worked under Slackware96 -- which I believe comes with kernel 2.0.0 -- perhaps the current kernel is more restrictive (aka more secured); I doubt if the difference in behaviour is due to wrappers or TCP/IP kit.

tks -an.
0
 
LVL 1

Expert Comment

by:abidn
ID: 1637054
I have to assume that your Win95 is on the 24.2.80.0 network.
The problem as I see it is that any packets from network
24.2.80.0 have to be forwarded to network 192.168.2.0
before they can reach gateway 192.168.2.1.
However, your firewall rules do not allow that.
There are two solutions/options:

==> Add a new firewall rule just before the masquerade rule:
accept forwarding of packets from 24.2.80.* destined for 192.168.0.*. (This is what I recommend).

or

==> Enable Bridging which is experimental in 2.0.x. Bridging
will make 24.2.80.* and 192.168.2.* networks appear
like one network, and thus (hopefully) forwarding will not
be required.

Other issues: To the best of my knowledge, 2.0.32 kernel has to be patched for ICMP masquerade,and the patch is available in the redhat distribution. Also, I am not sure if you need the -I and
-O rules; -F should be enough, but of course, you know more about your security requirements. Please remember that firewall rules are applied in the order you enter them, and the first rule which can be completely applied pre-empts evaluation of subsequent rules. Finally, I can not explain why the same configuration worked under Slackware96 -- which I believe comes with kernel 2.0.0 -- perhaps the current kernel is more restrictive (aka more secured); I doubt if the difference in behaviour is due to wrappers or TCP/IP kit.

tks -an.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:mzito
ID: 1637055
Sorry, but again, that does not work.  In related information, though, I have the output of two tcpdump sessions, one where my win95 box attempted to telnet to my linux box, and another when my linux box attempted to telnet to my win95 box's email server.  As a stopgap measure, I moved the second nic card over to my win95  box and set up a proxy server.  I found that my other win95 box could SOCKS proxy out through my win95 proxy, but my Linux box could not.  So, I have decided that there must be some problem in the TCP/IP subsystem, and thus I am providing tcpdump output.  Anyone tell me what this means?
192.168.1.168= Win95 Machine
192.168.1.1=  Linux
(I changed my ip addresses because some kind soul sent me  example configuration files using 192.168.1.* ip addresses, so I just made the changes to all the files. Routing, etc., it's all correct,as far as I can tell. Everything can ping everything else, etc.)

Win95 tries to telnet to Linux:
15:47:48.657870 arp who-has 192.168.1.1 tell 192.168.1.168
15:47:48.657870 arp reply 192.168.1.1 is-at 33:40:33:40:c2:ca
15:47:48.657870 192.168.1.168.1091 > 192.168.1.1.telnet: S 1909259:1909259(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x31]
15:47:51.947870 192.168.1.168.1091 > 192.168.1.1.telnet: S 1909259:1909259(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x31]
15:47:58.537870 192.168.1.168.1091 > 192.168.1.1.telnet: S 1909259:1909259(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x31]
15:48:04.527870 0:40:33:3a:b7:da > 3:0:0:0:0:1 sap f0 ui/C len=160
                   2c00 ffef 0800 0000 0000 0000 5a5a 4449
       5354 2020 2020 2020 2020 2000 4d44 5043
       2020 2020 2020 2020 2020 2000 ff53 4d42
       2500 00
15:48:11.497870 192.168.1.168.1091 > 192.168.1.1.telnet: S 1909259:1909259(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x31]
15:48:38.547870 192.168.1.168.netbios-dgm > 192.168.1.255.netbios-dgm: udp 212

Linux tries to telnet to win95 SMTP port:
16:09:23.377870 arp who-has 192.168.1.168 tell 192.168.1.1
16:09:23.377870 arp reply 192.168.1.168 is-at 0:80:ad:6:87:c8
16:09:23.377870 192.168.1.1.1028 > 192.168.1.168.smtp: S 3934160335:3934160335(0) win 512 <mss 1460> [tos 0x10]
16:09:23.377870 192.168.1.168.smtp > 192.168.1.1.1028: S 3204041:3204041(0) ack 3934160336 win 8760 <mss 1460> (DF)
16:09:26.377870 192.168.1.1.1028 > 192.168.1.168.smtp: S 3934160335:3934160335(0) win 32120 <mss 1460> [tos 0x10]
16:09:26.377870 192.168.1.168.smtp > 192.168.1.1.1028: . ack 1 win 8760 (DF)
16:09:26.617870 192.168.1.168.smtp > 192.168.1.1.1028: S 3204041:3204041(0) ack 3934160336 win 8760 <mss 1460> (DF)
16:09:32.377870 192.168.1.1.1028 > 192.168.1.168.smtp: S 3934160335:3934160335(0) win 32120 <mss 1460> [tos 0x10]
16:09:32.377870 192.168.1.168.smtp > 192.168.1.1.1028: . ack 1 win 8760(DF)
16:09:33.157870 192.168.1.168.smtp > 192.168.1.1.1028: S 3204041:3204041(0) ack 3934160336 win 8760 <mss 1460> (DF)
16:09:44.377870 192.168.1.1.1028 > 192.168.1.168.smtp: S 3934160335:3934160335(0) win 32120 <mss 1460> [tos 0x10]
16:09:44.377870 192.168.1.168.smtp > 192.168.1.1.1028: . ack 1 win 8760(DF)
16:09:46.217870 192.168.1.168.smtp > 192.168.1.1.1028: S 3204041:3204041(0) ack 3934160336 win 8760 <mss 1460> (DF)
16:10:08.377870 192.168.1.1.1028 > 192.168.1.168.smtp: S 3934160335:3934160335(0) win 32120 <mss 1460> [tos0x10]
16:10:08.377870 192.168.1.168.smtp > 192.168.1.1.1028: . ack 1 win 8760(DF)
16:10:56.377870 192.168.1.1.1028 > 192.168.1.168.smtp: S 3934160335:3934160335(0) win 32120 <mss 1460> [tos 0x10]
16:10:56.377870 192.168.1.168.smtp > 192.168.1.1.1028: S 3297041:3297041(0) ack 3934160336 win 8760 <mss 1460> (DF)
16:10:59.627870 192.168.1.168.smtp > 192.168.1.1.1028: S 3297041:3297041(0) ack 3934160336 win 8760 <mss 1460> (DF)
16:11:06.167870 192.168.1.168.smtp > 192.168.1.1.1028: S 3297041:3297041(0) ack 3934160336 win 8760 <mss 1460> (DF)
16:11:19.227870 192.168.1.168.smtp > 192.168.1.1.1028: S 3297041:3297041(0) ack 3934160336 win 8760 <mss 1460> (DF)

I understand the basics of this (I know what ARP is, etc.) but I don't understand the nitty-gritty.  Can anyone tell me what the problem is by looking at this?  Thanks in advance, as always.

Matt Zito
0
 

Expert Comment

by:fredjones
ID: 1637056
Are the two network cards on the same subnet or different subnets?
0
 
LVL 1

Author Comment

by:mzito
ID: 1637057
Yes, the two network cards are indeed on the same subnet.  
0
 

Expert Comment

by:fredjones
ID: 1637058
Ok, then what I would suggest is to verify that ip forwarding is indeed turned on (/etc/sysconfig/network has the line FORWARD_IPV4=yes) and then try the following lines:

ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -p deny
ipfwadm -F -a masquerade -W (cable-modem-device ppp0?) -S 192.168.1.0/24 -D 0.0.0.0/0
ipfwadm -F -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

(That last line will log any failed attempts into /var/log/messages)  Let me know what happens.
0
 
LVL 1

Author Comment

by:mzito
ID: 1637059
If you look above, you can see that I tried those exact lines (barring the -W flag, which is not required anyway) and they did not work.  I tried that variation on more than one occasion, though, and it did not help.  I'm pretty convinced that its a hardware problem or a TCP/IP problem, not a configuration problem, since I've had at least seven separate people check my configuration and report that there are no problems with it.  What I'm looking for now is someone to tell me what that tcpdump output shows.  If someone can explain to my satisfaction what it means and what it indicates the problem is, I'll award the points.

Best Wishes,
Matthew Zito
0
 
LVL 1

Author Comment

by:mzito
ID: 1637060
Adjusted points to 260
0
 
LVL 2

Accepted Solution

by:
kmrussell earned 260 total points
ID: 1637061
Try lowering your MTU to 576 on the linux machine
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now