Okay, I'm stumped. I seem to inexplicably be cut off from large chunks of the web.

I have a firewall connected to a DSL line. I'm using iptables with NAT turned on. My internal net has two machines on it. On my internal machines, there is a subset of websites that I just cannot seem to access -- for example, news.yahoo.com. I can get to yahoo.com, but not to any of the subdomains -- the browser just gets a timeout error. Sometimes it seems to be browser specific -- I can access google.com with Mozilla, but not Konqueror (timeout error). Sometimes the browser makes no difference.

As a test, I logged onto every single one of my machines at the same time, and fired up links (so I'm using the same browser on everything), and tried to surf to news.yahoo.com. Internal net... no dice. Firewall... no problem. I can successfully ping that server from any machine, firewall or internal net.

I logged the packets going to/from my firewall to the news.yahoo.com while surfing from the firewall, to see what a successful connection looks like. Then I logged the packets going to/from an internal machine. I haven't fully gone through the logs to see what's missing, but there is a significant amount of stuff that's not being passed through the firewall -- it doesn't even look as though the same sequence of packets is being sent.

Any suggestions on where I start looking for the problem? I've tried simplifying my firewall rules to just let everything in/out, but it didn't seem to have much of an effect.

Thanks,
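One way to go through the two packet logs systematically, as an added example that is not part of the original post: parse each iptables LOG line into its fields, split the packets by direction relative to the web server, and compare the two traces on whether the TCP handshake completes and on how big the segments coming back from the server are. The log lines below are constructed in the format the iptables LOG target writes to syslog, with RFC 5737 documentation addresses standing in for the firewall's public side (203.0.113.5), the internal machine (192.168.1.10) and the web server (198.51.100.20); the `FW` prefix, the interface names and the `LARGE` threshold are assumptions. The pattern the script flags, handshake fine and small packets fine in both traces but the large DF-flagged data segments present in the firewall's own trace absent from the internal machine's trace, is the signature of large packets being lost on the path (a path-MTU problem, which is a common thing to check with NAT on a DSL/PPPoE link) rather than of the filter rules blocking the connection.

```python
"""Summarise iptables LOG lines for one server so two traces can be compared.

Added example, not from the original post. Addresses and log lines are
constructed (RFC 5737 documentation ranges); the line format is the one
the iptables LOG target writes to syslog.
"""
import re

# KEY=VALUE tokens (IN=, OUT=, SRC=, LEN=, SPT=, ...) and bare flag tokens (DF, SYN, ACK, ...)
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
FLAG_TOKENS = {"DF", "MF", "SYN", "ACK", "PSH", "FIN", "RST", "URG"}
LARGE = 1000  # bytes (assumption): a segment this big is close to a 1500-byte Ethernet MTU

SERVER = "198.51.100.20"  # constructed: stands in for news.yahoo.com

# Constructed: a working fetch made from the firewall itself (OUTPUT/INPUT chains)
GOOD_TRACE = [
    "Jan  5 10:00:01 fw kernel: FW IN= OUT=ppp0 SRC=203.0.113.5 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1001 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jan  5 10:00:01 fw kernel: FW IN=ppp0 OUT= SRC=198.51.100.20 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=65535 RES=0x00 ACK SYN URGP=0",
    "Jan  5 10:00:01 fw kernel: FW IN= OUT=ppp0 SRC=203.0.113.5 DST=198.51.100.20 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=1002 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0",
    "Jan  5 10:00:01 fw kernel: FW IN= OUT=ppp0 SRC=203.0.113.5 DST=198.51.100.20 LEN=400 TOS=0x00 PREC=0x00 TTL=64 ID=1003 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0",
    "Jan  5 10:00:02 fw kernel: FW IN=ppp0 OUT= SRC=198.51.100.20 DST=203.0.113.5 LEN=1500 TOS=0x00 PREC=0x00 TTL=52 ID=3101 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=65535 RES=0x00 ACK URGP=0",
    "Jan  5 10:00:02 fw kernel: FW IN=ppp0 OUT= SRC=198.51.100.20 DST=203.0.113.5 LEN=1500 TOS=0x00 PREC=0x00 TTL=52 ID=3102 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=65535 RES=0x00 ACK PSH URGP=0",
    "Jan  5 10:00:02 fw kernel: FW IN= OUT=ppp0 SRC=203.0.113.5 DST=198.51.100.20 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=1004 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=8760 RES=0x00 ACK URGP=0",
]

# Constructed: the same fetch from an internal machine, logged in the FORWARD chain
BAD_TRACE = [
    "Jan  5 10:05:01 fw kernel: FW IN=eth1 OUT=ppp0 SRC=192.168.1.10 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=501 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jan  5 10:05:01 fw kernel: FW IN=ppp0 OUT=eth1 SRC=198.51.100.20 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=34567 WINDOW=65535 RES=0x00 ACK SYN URGP=0",
    "Jan  5 10:05:01 fw kernel: FW IN=eth1 OUT=ppp0 SRC=192.168.1.10 DST=198.51.100.20 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=502 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0",
    "Jan  5 10:05:01 fw kernel: FW IN=eth1 OUT=ppp0 SRC=192.168.1.10 DST=198.51.100.20 LEN=400 TOS=0x00 PREC=0x00 TTL=63 ID=503 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0",
    "Jan  5 10:05:01 fw kernel: FW IN=ppp0 OUT=eth1 SRC=198.51.100.20 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=7001 DF PROTO=TCP SPT=80 DPT=34567 WINDOW=65535 RES=0x00 ACK URGP=0",
    "Jan  5 10:05:04 fw kernel: FW IN=eth1 OUT=ppp0 SRC=192.168.1.10 DST=198.51.100.20 LEN=400 TOS=0x00 PREC=0x00 TTL=63 ID=504 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0",
    "Jan  5 10:05:04 fw kernel: FW IN=ppp0 OUT=eth1 SRC=198.51.100.20 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=7002 DF PROTO=TCP SPT=80 DPT=34567 WINDOW=65535 RES=0x00 ACK URGP=0",
]


def parse_log_line(line):
    """Parse one iptables LOG line; return a dict of fields plus a FLAGS set, or None."""
    fields = dict(KV_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None  # not an iptables LOG line
    fields["FLAGS"] = {tok for tok in line.split() if tok in FLAG_TOKENS}
    fields["LEN"] = int(fields.get("LEN", "0"))
    return fields


def analyze_trace(lines, server_ip):
    """Split TCP packets by direction relative to server_ip and summarise them."""
    to_server, from_server = [], []
    for line in lines:
        pkt = parse_log_line(line)
        if pkt is None or pkt.get("PROTO") != "TCP":
            continue
        if pkt["DST"] == server_ip:
            to_server.append(pkt)
        elif pkt["SRC"] == server_ip:
            from_server.append(pkt)
    syn_sent = any("SYN" in p["FLAGS"] and "ACK" not in p["FLAGS"] for p in to_server)
    synack_seen = any({"SYN", "ACK"} <= p["FLAGS"] for p in from_server)
    ack_sent = any("ACK" in p["FLAGS"] and "SYN" not in p["FLAGS"] for p in to_server)
    return {
        "packets_to_server": len(to_server),
        "packets_from_server": len(from_server),
        "handshake_complete": syn_sent and synack_seen and ack_sent,
        "max_len_from_server": max((p["LEN"] for p in from_server), default=0),
        # data segments near MTU size with Don't-Fragment set
        "large_df_from_server": sum(1 for p in from_server if p["LEN"] >= LARGE and "DF" in p["FLAGS"]),
        # PSH segments towards the server: more than one of them for one request means retransmission
        "data_segments_to_server": sum(1 for p in to_server if "PSH" in p["FLAGS"]),
    }


def compare_traces(good_lines, bad_lines, server_ip):
    """Compare a working trace with a failing one and name what differs."""
    good = analyze_trace(good_lines, server_ip)
    bad = analyze_trace(bad_lines, server_ip)
    return {
        "good": good,
        "bad": bad,
        "handshake_differs": good["handshake_complete"] != bad["handshake_complete"],
        # handshake and small packets pass, large DF segments never appear: large packets lost on the path
        "large_segments_missing": good["large_df_from_server"] > 0 and bad["large_df_from_server"] == 0,
        "request_retransmitted": bad["data_segments_to_server"] > good["data_segments_to_server"],
    }


if __name__ == "__main__":
    for key, value in compare_traces(GOOD_TRACE, BAD_TRACE, SERVER).items():
        print(f"{key}: {value}")
```

To use this on real logs, replace the two constructed lists with lines pulled from syslog (for example the output of `grep 'FW ' /var/log/messages` for each test, using whatever `--log-prefix` the LOG rules carry) and set `SERVER` to the address news.yahoo.com resolved to at the time. Logging both the OUTPUT/INPUT chains for the firewall's own fetch and the FORWARD chain for the internal fetch, as the post describes, gives the two traces this compares.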