> > From what you say here, your DMZ is *INSIDE* your protected network.
> > This won't work, or at least this is not a DMZ.
>
> Internal network (masqueraded): 192.168.1.0/24
>
> DMZ (masqueraded): 192.168.10.0/24
> (note that third number, ten instead of one)

I was being put off track by your reference to 192.168.0.0/16
But if you only use it to filter packets on the FW and not to route them, it
should be Ok.

So, addresses, route and masqueraded networks seems ok too...

> Per my last post, here's me navigating from the first page which I see,
> minus the .GIF's, down through the /usr/doc link to:

So, only the GIF's seems to be broken... can you try other big files? a JPG for
example?
Also, what happens if you try to browse

http://ii.jj.kk.ll/gif/penguin.gif\29

and, what happens if you try to do, from your home PC, a

telnet ii.jj.kk.ll 80
GET /gif/penguin.gif

> I've posted some of the relevant parts... Do you need me to post the whole
> thing?

No... The linux packet filter is not intelligent enough to tell apart GIFs from
HTML docs... ;-)
I suspect something strange is happening... did you checked the MTU between your
home pc and your FW?

Using windows, you can use the -f paramenter of ping, and then specify a big
ping packet size. This way, you can tell if there's a non-fragmenting router
somewhere inbetween. BTW, did you ckeck that from other hosts on the 'net
loading the page show the same behaviour?

> Thanks for the help. :-)

I'd like to have been able to... ;-)

Ciao,
  Roberto.

P.S.
My delayed reply is due to Telecom Italia network problems... Two days down...
;-(

-- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]