That is always a bit tricky, often those packets *are* sent back but they are blocked somewhere closer to the client, and/or the TCP stack of the system does not process them in a reasonable way. It is possible to work around that by adjusting the MSS of a TCP SYN passing the point where outgoing MTU is smaller than incoming MTU (incidentally something that I invented and implemented in NET in 1995, but later almost any router and routing software started to support it) so as a result the TCP segments sent by the endpoints will be smaller and won't need to be fragmented. Roger can do that on his own server, e.g. like this: iptables -t mangle -A INPUT -p tcp --syn -j TCPMSS --set-mss 1400 iptables -t mangle -A OUTPUT -p tcp --syn -j TCPMSS --set-mss 1400 Or on a router/gateway along the path (using FORWARD instead of INPUT/OUTPUT). However, I'm not convinced that this is the problem as the site works OK for me over internet. Why wouldn't it work for Google then? Rob