troubles with routing

Warriors Prayer · Posted: Mon Nov 18, 2002 6:06 am Post subject: troubles with routing

hi,

i built a router box which does ip masquerading.

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

the router works fine, although the boxes behind it cannot access some pages like www.gmx.de or www.snogard.de. The router itself has got no problems to do so. The MTU if the ppp interface is set to 1492.

Anyone got an idea, why it does not route to some sites?

Thx!
_________________
Abit KT7A RAID, Athlon 1333, 384 MB RAM
Geforce 4, SB Live, Realtek 8139, DAWI 2976 UW
2x Maxtor 34098 H4 RAID0
WD 1000 BB hda
Plextor 1610A ATAPI, Pioneer DVD 303S SCSI
1.4 RC2, Gnome2.2, German

Qubax · Posted: Mon Nov 18, 2002 12:31 pm Post subject:

can you ping those sites?

Warriors Prayer · Posted: Tue Nov 19, 2002 9:27 am Post subject:

hi,

i cannot ping those sites, but a traceroot succeeds even behind the router :-/
_________________
Abit KT7A RAID, Athlon 1333, 384 MB RAM
Geforce 4, SB Live, Realtek 8139, DAWI 2976 UW
2x Maxtor 34098 H4 RAID0
WD 1000 BB hda
Plextor 1610A ATAPI, Pioneer DVD 303S SCSI
1.4 RC2, Gnome2.2, German

Warriors Prayer · Posted: Mon Nov 25, 2002 8:18 am Post subject:

hi

now i set the mtu of eth0 and eth1 down to 1492. gmx.net now works, but not www.nvidia.com.

Again, i can access this website fron the router, not from behind. I can ping and traceroute it, but i can't access it.
_________________
Abit KT7A RAID, Athlon 1333, 384 MB RAM
Geforce 4, SB Live, Realtek 8139, DAWI 2976 UW
2x Maxtor 34098 H4 RAID0
WD 1000 BB hda
Plextor 1610A ATAPI, Pioneer DVD 303S SCSI
1.4 RC2, Gnome2.2, German

bssteph · l33t Joined: 26 Feb 2003 Posts: 653 Location: Wisconsin

This is a bump because I'm having the exact same problems and I've digged through a lot of FAQs and posts to no avail... I brought the MTU for eth0 down as was mentioned on both machines, which worked for my Linux laptop, but not the Windows machines, which I can't find the area to change this setting... Although it doesn't seem like it should be this much of a hassle anyway. Are there any suggestions?

Warriors Prayer · Posted: Tue Mar 04, 2003 8:29 am Post subject:

hi,

what u need is mss clamping.

Simply insert "iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu" in ur /etc/conf.d/iptables.
_________________
Abit KT7A RAID, Athlon 1333, 384 MB RAM
Geforce 4, SB Live, Realtek 8139, DAWI 2976 UW
2x Maxtor 34098 H4 RAID0
WD 1000 BB hda
Plextor 1610A ATAPI, Pioneer DVD 303S SCSI
1.4 RC2, Gnome2.2, German

bssteph · l33t Joined: 26 Feb 2003 Posts: 653 Location: Wisconsin

Wow, that did the trick! I had to recompile my kernel for TCPMSS, but still, worked perfectly.

I (or more accurately, everyone else on the network) thank you.

roaming · n00b Joined: 07 Feb 2003 Posts: 14 Location: NYC

awesome that works for me too.
I started thinking there was something wrong with my gentoo-kernel cause my redhat box was able to get to all these sites with no additional settings. I have been trying to fix this for 2 weeks now.

what is all that MTU and clamping stuff is anyway

Cheers!!