[Ewrt-devel] Configuration
Tom Goetz
Fri Jun 11 05:55:01 PDT 2004
Irving Popovetsky wrote:
| This patch looks better than the one I made. I had
| CONFIG_IP_NF_TARGET_TCPMSS set but had not touched
| CONFIG_IP_NF_MATCH_TCPMSS.
|
| I would like to include this patch in Ewrt. Have you tested it in
| either a pptp or PPPoE scenario?
|
| -Irving
|
|
Here's some data from the patch. The rule is present in the FORWARD
chain, but doesn't seem to be affecting the PPTP traffic.
iptables --list (FORWARD section only)
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1351:65535 TCPMSS set 1352
lan2wan all -- anywhere anywhere
logaccept tcp -- anywhere 192.168.1.64 tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
logaccept all -- anywhere anywhere state NEW
DROP all -- anywhere anywhere
tcpdump while freyr's mtu is set to 1300 so TCP works
...
08:20:03.785613 IP gateway.hexamon.org.1073 > freyr.hexamon.org.ssh: S 601193965:601193965(0) win 65535 <mss 1360,nop,nop,sackOK>
08:20:03.785674 IP freyr.hexamon.org.ssh > gateway.hexamon.org.1073: S 1982039149:1982039149(0) ack 601193966 win 5040 <mss 1260,nop,nop,sackOK>
08:20:03.824157 IP gateway.hexamon.org.1073 > freyr.hexamon.org.ssh: . ack 1 win 65535
...
tcpdump while freyr's mtu is set to 1500, notice the need frag
...
08:36:18.195906 IP freyr.hexamon.org.ssh > gateway.hexamon.org.1081: . 1126:2486(1360) ack 1173 win 7504
08:36:18.199205 IP gateway.hexamon.org > freyr.hexamon.org: icmp 556: vpn1.hexamon.org.1.168.192.in-addr.arpa unreachable - need to frag (mtu 1392)
...
ifconfig
br0       Link encap:Ethernet HWaddr 00:0F:66:2C:9A:23
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:30081 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25238 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3536082 (3.3 Mb) TX bytes:14774091 (14.0 Mb)
eth0      Link encap:Ethernet HWaddr 00:0F:66:2C:9A:23
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:455531 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77028 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:46300823 (44.1 Mb) TX bytes:20221810 (19.2 Mb)
          Interrupt:5 Base address:0x2000
eth1      Link encap:Ethernet HWaddr 00:0F:66:2C:9A:25
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:679994
          TX packets:0 errors:109 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
          Interrupt:4 Base address:0x1000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ppp0      Link encap:Point-Point Protocol
          inet addr:192.168.1.1 P-t-P:192.168.1.192 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1392 Metric:1
          RX packets:656 errors:0 dropped:0 overruns:0 frame:0
          TX packets:553 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:43803 (42.7 kb) TX bytes:83790 (81.8 kb)
vlan0     Link encap:Ethernet HWaddr 00:0F:66:2C:9A:23
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:30085 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47444 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3656625 (3.4 Mb) TX bytes:16296227 (15.5 Mb)
vlan1     Link encap:Ethernet HWaddr 00:0F:66:2C:9A:24
          inet addr:65.96.254.18 Bcast:65.96.254.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:425446 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29584 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:34444640 (32.8 Mb) TX bytes:3925583 (3.7 Mb)
Notice that the SYN packet coming through gateway (the WRT54G) has a MSS
of 1360. It seems to be unaffected by the rules to set MSS to 1352. The
rule may have to be part of another chain to affect tunneled traffic.
Perhaps POSTROUTE.
MSS should be 40 bytes less than the governing MTU for TCP traffic to
work. The governing MTU is 1392 from ppp0.
Any ideas?
Tom
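Added example (not part of the message above and not Ewrt code): a small Python check that reads tcpdump text in the format shown in the post, takes the path MTU from the ICMP "need to frag" line, and flags any SYN whose advertised MSS exceeds MTU minus 40. The function names path_mtu and audit_syn_mss are hypothetical; the capture lines are copied from the post with wrapped lines rejoined.

```python
import re

# Lines copied from the two tcpdump excerpts in the post (wrapped lines
# rejoined). Both were taken over the same ppp0 link (MTU 1392).
CAPTURE = """\
08:20:03.785613 IP gateway.hexamon.org.1073 > freyr.hexamon.org.ssh: S 601193965:601193965(0) win 65535 <mss 1360,nop,nop,sackOK>
08:20:03.785674 IP freyr.hexamon.org.ssh > gateway.hexamon.org.1073: S 1982039149:1982039149(0) ack 601193966 win 5040 <mss 1260,nop,nop,sackOK>
08:20:03.824157 IP gateway.hexamon.org.1073 > freyr.hexamon.org.ssh: . ack 1 win 65535
08:36:18.199205 IP gateway.hexamon.org > freyr.hexamon.org: icmp 556: vpn1.hexamon.org.1.168.192.in-addr.arpa unreachable - need to frag (mtu 1392)
"""

IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

# SYN and SYN-ACK segments both show the "S" flag and carry an mss option.
SYN_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): S \S+ .*<mss (\d+)")
FRAG_RE = re.compile(r"need to frag \(mtu (\d+)\)")


def path_mtu(capture, default=None):
    """Smallest MTU reported by ICMP 'need to frag' lines, else default."""
    mtus = [int(m.group(1)) for m in FRAG_RE.finditer(capture)]
    return min(mtus) if mtus else default


def audit_syn_mss(capture, mtu):
    """Return (src, dst, mss, ok) per SYN; ok means mss <= mtu - 40."""
    limit = mtu - IP_TCP_OVERHEAD
    findings = []
    for line in capture.splitlines():
        m = SYN_RE.match(line)
        if m:
            _, src, dst, mss = m.groups()
            findings.append((src, dst, int(mss), int(mss) <= limit))
    return findings


if __name__ == "__main__":
    mtu = path_mtu(CAPTURE)
    print(f"path MTU {mtu}, largest safe MSS {mtu - IP_TCP_OVERHEAD}")
    for src, dst, mss, ok in audit_syn_mss(CAPTURE, mtu):
        print(f"{src} > {dst}: mss {mss} {'ok' if ok else 'NOT CLAMPED'}")
```

Running the same check on a capture taken from the far side of the tunnel shows whether the SYN left the router with its MSS rewritten.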