[Ewrt-devel] Configuration

Tom Goetz
Fri Jun 11 05:55:01 PDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Irving Popovetsky wrote:

| This patch looks better than the one I made.  I had
| CONFIG_IP_NF_TARGET_TCPMSS set but had not touched
| CONFIG_IP_NF_MATCH_TCPMSS.
|
| I would like to include this patch in Ewrt.  Have you tested it in
| either a pptp or PPPoE scenario?
|
| -Irving
|
|

Here's some data from the patch. The rule is present in the FORWARD
chain, but doesn't seem to be affecting the PPTP traffic.

iptables --list (FORWARD section only)

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN tcpmss match 1351:65535 TCPMSS set 1352
lan2wan    all  --  anywhere             anywhere
logaccept  tcp  --  anywhere             192.168.1.64        tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
logaccept  all  --  anywhere             anywhere            state NEW
DROP       all  --  anywhere             anywhere

tcpdump while freyr's mtu is set to 1300 so TCP works

...
08:20:03.785613 IP gateway.hexamon.org.1073 > freyr.hexamon.org.ssh: S
601193965:601193965(0) win 65535 <mss 1360,nop,nop,sackOK>
08:20:03.785674 IP freyr.hexamon.org.ssh > gateway.hexamon.org.1073: S
1982039149:1982039149(0) ack 601193966 win 5040 <mss 1260,nop,nop,sackOK>
08:20:03.824157 IP gateway.hexamon.org.1073 > freyr.hexamon.org.ssh: .
ack 1 win 65535
...

tcpdump while freyr's mtu is set to 1500, notice the need frag

...
08:36:18.195906 IP freyr.hexamon.org.ssh > gateway.hexamon.org.1081: .
1126:2486(1360) ack 1173 win 7504
08:36:18.199205 IP gateway.hexamon.org > freyr.hexamon.org: icmp 556:
vpn1.hexamon.org.1.168.192.in-addr.arpa unreachable - need to frag (mtu
1392)
...

ifconfig
br0       Link encap:Ethernet  HWaddr 00:0F:66:2C:9A:23
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:30081 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25238 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3536082 (3.3 Mb)  TX bytes:14774091 (14.0 Mb)

eth0      Link encap:Ethernet  HWaddr 00:0F:66:2C:9A:23
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:455531 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77028 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:46300823 (44.1 Mb)  TX bytes:20221810 (19.2 Mb)
          Interrupt:5 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:0F:66:2C:9A:25
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:679994
          TX packets:0 errors:109 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:4 Base address:0x1000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0      Link encap:Point-Point Protocol
          inet addr:192.168.1.1  P-t-P:192.168.1.192  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1392  Metric:1
          RX packets:656 errors:0 dropped:0 overruns:0 frame:0
          TX packets:553 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:43803 (42.7 kb)  TX bytes:83790 (81.8 kb)

vlan0     Link encap:Ethernet  HWaddr 00:0F:66:2C:9A:23
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:30085 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47444 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3656625 (3.4 Mb)  TX bytes:16296227 (15.5 Mb)

vlan1     Link encap:Ethernet  HWaddr 00:0F:66:2C:9A:24
          inet addr:65.96.254.18  Bcast:65.96.254.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:425446 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29584 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:34444640 (32.8 Mb)  TX bytes:3925583 (3.7 Mb)


Notice that the SYN packet coming through gateway (the WRT54G) has an MSS
of 1360. It seems to be unaffected by the rule to set MSS to 1352. The
rule may have to be part of another chain to affect tunneled traffic.
Perhaps POSTROUTE.

MSS should be 40 bytes less than the governing MTU for TCP traffic to
work. The governing MTU is 1392 from ppp0.

Any ideas?

Tom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAyauklL+M60Z4RqcRApQyAJ9hwXx1qsAj49ubodS2QdlrIkEV0QCg2Ufb
QemJFrf8q0sUsDevmHpw97Q=
=pas9
-----END PGP SIGNATURE-----
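The diagnosis in Tom's message (compare the MSS advertised in each SYN against the 40-byte-less-than-MTU limit, and read the governing MTU out of the ICMP "need to frag" message) can be scripted so it can be re-run against any tcpdump capture. The following Python is an added example for this thread, not code from Tom, Irving or the Ewrt project. It assumes IPv4 without IP or TCP options (the 40-byte header overhead the message uses), the tcpdump text format shown above, and sample lines constructed by re-joining the wrapped tcpdump lines from the message onto single lines.

```python
import re

# Constructed sample: the SYN/SYN-ACK exchange from the message, with the
# e-mail line wrapping undone so each packet is on one line.
SAMPLE_SYNS = """\
08:20:03.785613 IP gateway.hexamon.org.1073 > freyr.hexamon.org.ssh: S 601193965:601193965(0) win 65535 <mss 1360,nop,nop,sackOK>
08:20:03.785674 IP freyr.hexamon.org.ssh > gateway.hexamon.org.1073: S 1982039149:1982039149(0) ack 601193966 win 5040 <mss 1260,nop,nop,sackOK>
08:20:03.824157 IP gateway.hexamon.org.1073 > freyr.hexamon.org.ssh: . ack 1 win 65535
"""

# Constructed sample: the ICMP fragmentation-needed message from the second capture.
SAMPLE_FRAG = """\
08:36:18.195906 IP freyr.hexamon.org.ssh > gateway.hexamon.org.1081: . 1126:2486(1360) ack 1173 win 7504
08:36:18.199205 IP gateway.hexamon.org > freyr.hexamon.org: icmp 556: vpn1.hexamon.org.1.168.192.in-addr.arpa unreachable - need to frag (mtu 1392)
"""

IP_HEADER_MIN = 20   # IPv4 header without options
TCP_HEADER_MIN = 20  # TCP header without options

# tcpdump SYN line: "<ts> IP <src> > <dst>: S ... <mss N,...>"
SYN_RE = re.compile(r"^\S+ IP (\S+) > (\S+): S .*<mss (\d+)")
# ICMP "need to frag (mtu N)" carries the next-hop MTU of the bottleneck link
FRAG_RE = re.compile(r"need to frag \(mtu (\d+)\)")


def expected_mss(mtu: int) -> int:
    """Largest MSS a TCP segment may carry over a path with the given MTU."""
    return mtu - IP_HEADER_MIN - TCP_HEADER_MIN


def parse_syn_mss(dump: str):
    """Yield (src, dst, mss) for every SYN in tcpdump text that advertises an MSS."""
    for line in dump.splitlines():
        m = SYN_RE.match(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))


def find_need_frag_mtu(dump: str):
    """Return the MTU reported by the first ICMP 'need to frag' line, or None if there is none."""
    for line in dump.splitlines():
        m = FRAG_RE.search(line)
        if m:
            return int(m.group(1))
    return None


def check_clamp(dump: str, path_mtu: int):
    """For each SYN, report (src, dst, mss, ok): ok is False when the advertised
    MSS is larger than the path MTU allows, i.e. the TCPMSS clamp did not take effect."""
    limit = expected_mss(path_mtu)
    return [(src, dst, mss, mss <= limit) for src, dst, mss in parse_syn_mss(dump)]


if __name__ == "__main__":
    # Governing MTU comes from the ICMP message (1392, matching ppp0 above).
    mtu = find_need_frag_mtu(SAMPLE_FRAG)
    print(f"path MTU {mtu}, MSS should be <= {expected_mss(mtu)}")
    for src, dst, mss, ok in check_clamp(SAMPLE_SYNS, mtu):
        print(f"{src} -> {dst}: mss {mss} {'ok' if ok else 'NOT CLAMPED'}")
```

Run against the message's own capture this flags the gateway's SYN (MSS 1360 against a 1352 limit) as unclamped while freyr's SYN-ACK (1260, set by lowering its MTU to 1300) passes, which is exactly the asymmetry Tom describes.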

