Good day,

I have a bunch of web servers running on 2 different networks. On each network there is a firewall (iptables). Each machine also runs iptables to filter packets.

The first network is running without any problem. Firewall, web server, proxy, DB are all working without any problem.

The second network is very interesting..... The firewall is running an IP-GRE tunnel to the ISP. (Because on the LAN side I am running a true IP, and on the WAN side I am on a private IP. That's right. Then on the WAN side, I need to do a GRE tunnel and NAT outbound packets to my firewall's LAN IP. Yes, I have to tunnel through their networks... and eventually out to the internet.)

I have adjusted the MTU and MSS as per the ISP's instructions. I am able to route in and out of this network without any problem while the firewall is not running. If I borrow the firewall script (which allows DNS, HTTP and SSH) from the first network, SSH and DNS will work. BUT HTTP does not work. Yes, HTTP does not work.

Any idea?????