Firewall Wizards mailing list archives

Urgently need help with Linux 2.4.10 + iptables 1.2.4 firewall trbl


From: Phil Barker <pbarker () southwestern cc or us>
Date: Sun, 28 Oct 2001 12:19:40 -0800

Hello Folks,

I hope I'm not posting to the wrong place. If I am, I apologize in advance.

About 22 days ago I replaced the firewall that served this place well
(Kernel 2.4.5 with iptables 1.2.2) with a more recent configuration
(kernel 2.4.10 with iptables 1.2.4) and a larger hard drive. I did extensive
testing and all seemed to be right with the world.

Roughly a week ago, certain websites suddenly became unavailable so I did
more research, tried some changes to features like disabling 'excessive
congestion notification' but to no avail. Sites like www.datatel.com and
mail.yahoo.com are unavailable.

Yesterday, out of desperation, I tried falling back to kernel 2.2.19
using ipchains and all seemed to be okay except no joy with those same websites. 

But this firewall did offer one clue that the iptables box did not: 
ICMP checksum failure with xxx.xxx.xxx.xxx were showing up for browsers trying 
to go to the datatel site.

I know this is going to sound like a crazy question but have some regional
backbone providers made any changes that could have resulted in this problem?
Are there any changes that a non-expert like myself could try to lessen
or solve this apparent ICMP problem?

The network here uses a single T-1 with over 800 PCs through this Linux NAT
and I wonder if the overall network congestion could be aggravating this problem.

Thanks,
Phil

-- 
+--------------------------------------------------------------------------+
Phil Barker                  | [(h/p)]9000 HP-UX 10.20
SysAdmin/Security Specialist | NT 4.x / Various Linux
SW Or. Community College     | NEC NEAX 2400 PABX
1988 Newmark Av.             | ActiveVoice CTI Repartee 7.47
Coos Bay Or 97420-2912       | kernel panic: /dev/coffee.pot not found
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

