[Ewrt-devel] Re: pppoe

Irving Popovetsky
Thu May 6 17:07:05 PDT 2004


Glad I could help, Thomas!

So help me out here.  The current linksys code in rc/firewall.c says
this:

    /* Clamp TCP MSS to PMTU of WAN interface */
    if( nvram_match("wan_proto", "pppoe") || nvram_match("mtu_enable", "1") )
        save2file("-A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss %d: -j TCPMSS "
              "--set-mss %d\n", atoi(nvram_safe_get("wan_mtu"))-39,
              atoi(nvram_safe_get("wan_mtu"))-40);


Do we just need to add "--clamp-mss-to-pmtu" to the end of that?

-Irving


On Thu, 2004-05-06 at 16:59, Thomas Arden wrote:
> Hi Irving,
> your hint was right, with
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> which we found in the man iptables, we solved the problem (-:
> now we have this:
> iptables -n -vL
> Chain INPUT (policy ACCEPT 475 packets, 35386 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 
> Chain FORWARD (policy ACCEPT 7 packets, 664 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> 
> Chain OUTPUT (policy ACCEPT 466 packets, 97586 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 
> We use Fastpath ADSL that needs an MTU of 1492.
> 
> Thank you very much.
> 
> Tom
> 
> 
> On Thursday, 6 May 2004 22:56 you wrote:
> > Hi Thomas!
> >
> > On Thu, 2004-05-06 at 05:12, Thomas Arden wrote:
> > > Hi Irving,
> > > I have tested three firmwares:
> > > Sveasoft Satori_v2_2.00.8.7sv-pre3
> > > Firmware_Satori-pre3_6G
> > > ewrt-0.2-beta1.bin
> >
> > Unfortunately, we don't have access to the non-free Sveasoft firmware.
> > Our distribution is based on Sveasoft 2.00.8.6sv (Samadhi2) with some
> > fixes from Satori-pre1.
> >
> > Can you reproduce your issues with Samadhi2, Satori-pre1 or the latest
> > Linksys code?
> >
> > > Settings:
> > > Standard configuration, no changes in iptables.
> > > MTU Size 1492, DHCP is on, boot wait is on,
> > > TFtp is on, NTP client enable
> > > all other settings are standard.
> > > DSL Modem is a Lucent CellPipe 20 Series
> > > This is all the information I have at the moment.
> >
> > So you're running PPPOE over ADSL and you have a non-standard MTU size?
> > My only guess as to why some websites don't work and others do is
> > because Path MTU discovery is broken.  This could also be an iptables
> > thing.  If you do an "iptables -n -vL" do you see something about tcpmss
> > in the FORWARD chain?
> > Linksys code is supposed to set up MSS if PPPoE is on and the MTU is
> > changed.  But the iptables tutorial does things differently.  Not sure
> > what is correct here.
> >
> >
> > I can't tell you what has specifically changed in Sveasoft since James
> > stopped releasing his code, but if you find a fix I'd consider including
> > it.  We don't have any PPPOE/ADSL sites to test ourselves.
> >
> > good luck,
-- 
Irving Popovetsky               Information Security Consultant
ProStructure Consulting             http://www.prostructure.com
Network and Security Consulting           phone: (503) 288-1566
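
Added example, not part of the original thread or of the Linksys/Ewrt code: a sketch of the two rule forms discussed above, the fixed clamp derived from wan_mtu and the --clamp-mss-to-pmtu rule. The helper name build_mss_rule and the MTU bounds are assumptions made for illustration; the TCPMSS target takes --set-mss or --clamp-mss-to-pmtu but not both, so the second form is written as its own rule.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IP_TCP_HDRS 40   /* 20-byte IPv4 header + 20-byte TCP header, no options */
#define MIN_MTU     576  /* assumed lower bound for this example */
#define MAX_MTU     1500 /* Ethernet payload; PPPoE leaves 1492 of it */

/* Hypothetical helper: write one iptables-restore line into buf.
 * use_pmtu = 0: fixed clamp, same arithmetic as the quoted firewall.c
 * use_pmtu = 1: --clamp-mss-to-pmtu, the rule reported to fix the problem
 * Returns 0 on success, -1 if wan_mtu is unusable or buf is too small. */
int build_mss_rule(char *buf, size_t len, const char *wan_mtu, int use_pmtu)
{
    int n;

    if (use_pmtu) {
        /* TCPMSS accepts --set-mss or --clamp-mss-to-pmtu, never both,
         * so this is a separate rule rather than a suffix. */
        n = snprintf(buf, len, "-A FORWARD -p tcp --tcp-flags SYN,RST SYN "
                     "-j TCPMSS --clamp-mss-to-pmtu\n");
    } else {
        char *end;
        long mtu = strtol(wan_mtu, &end, 10);

        /* atoi() on an empty or non-numeric value yields 0 and a negative
         * MSS; reject that instead of emitting a malformed rule. */
        if (end == wan_mtu || *end != '\0' || mtu < MIN_MTU || mtu > MAX_MTU)
            return -1;
        n = snprintf(buf, len, "-A FORWARD -p tcp --tcp-flags SYN,RST SYN "
                     "-m tcpmss --mss %ld: -j TCPMSS --set-mss %ld\n",
                     mtu - IP_TCP_HDRS + 1, mtu - IP_TCP_HDRS);
    }
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char rule[160];

    if (build_mss_rule(rule, sizeof rule, "1492", 0) == 0)
        fputs(rule, stdout);            /* fixed clamp for a 1492-byte MTU */
    if (build_mss_rule(rule, sizeof rule, "1492", 1) == 0)
        fputs(rule, stdout);            /* PMTU-based clamp */
    if (build_mss_rule(rule, sizeof rule, "", 0) != 0)
        fputs("wan_mtu unset: no fixed-MSS rule written\n", stderr);
    return 0;
}
```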
  