From what you say here, your DMZ is *INSIDE* your protected network. This won't work, or at least this is not a DMZ.
Internal network (masqueraded): 192.168.1.0/24
DMZ (masqueraded): 192.168.10.0/24 (note that third number, ten instead of one)
I was being put off track by your reference to 192.168.0.0/16. But if you only use it to filter packets on the FW and not to route them, it should be OK. So, addresses, route and masqueraded networks seem OK too...
Per my last post, here's me navigating from the first page which I see, minus the .GIF's, down through the /usr/doc link to:
So, only the GIFs seem to be broken... can you try other big files? A JPG, for example? Also, what happens if you try to browse http://ii.jj.kk.ll/gif/penguin.gif and what happens if you try to do, from your home PC, a

telnet ii.jj.kk.ll 80
GET /gif/penguin.gif
I've posted some of the relevant parts... Do you need me to post the whole thing?
No... The Linux packet filter is not intelligent enough to tell apart GIFs from HTML docs... ;-) I suspect something strange is happening... did you check the MTU between your home PC and your FW? Using Windows, you can use the -f parameter of ping, and then specify a big ping packet size. This way, you can tell if there's a non-fragmenting router somewhere in between. BTW, did you check that loading the page from other hosts on the 'net shows the same behaviour?
Thanks for the help. :-)
I'd like to have been able to... ;-)

Ciao, Roberto.

P.S. My delayed reply is due to Telecom Italia network problems... Two days down... ;-(