Linux DSL router box/firewall problem

Linux DSL router box/firewall problem

Post by Stan Dow » Thu, 22 Apr 2004 11:41:40



I'm running a DSL router using Coyote Linux and the 'seawall' firewall.
I have Verizon DSL and have been running Win98SE computers a long while.
We just got a WinXP machine and find that certain programs 'drop' the
internet connection, such as streaming applications like RealOne,
Webshots, Weatherbug, and Incredimail. Also, the connection breaks when
doing a Windows Update (at about 66%). Any clues? I am new to Linux, a
friend set up the box for me, but have no contact with him now. I'm told
it's not an unusual configuration.

My apologies if I'm in the wrong group for this. If I am, however,
where should I go?

Thanx in advance.  -S.D.


Linux DSL router box/firewall problem

Post by Clive Dov » Thu, 22 Apr 2004 12:15:16



> I'm running a DSL router using Coyote Linux and the 'seawall'
> firewall. I have Verizon DSL and have been running Win98SE computers a
> long while. We just got a WinXP machine and find that certain programs
> 'drop' the internet connection, such as streaming applications like
> RealOne, Webshots, Weatherbug, and Incredimail. Also, the connection
> breaks when doing a Windows Update (at about 66%). Any clues? I am
> new to Linux, a friend set up the box for me, but have no contact with
> him now. I'm told it's not an unusual configuration.

> My apologies if I'm in the wrong group for this. If I am, however,
> where should I go?

> Thanx in advance.  -S.D.

I am unclear from your message.

Are you having loss of connection problems when using Linux or are you
having the problems when using XP?

Clive


Linux DSL router box/firewall problem

Post by David Efflan » Fri, 23 Apr 2004 03:09:00



> I'm running a DSL router using Coyote Linux and the 'seawall' firewall.
> I have Verizon DSL and have been running Win98SE computers a long while.
> We just got a WinXP machine and find that certain programs 'drop' the
> internet connection, such as streaming applications like RealOne,
> Webshots, Weatherbug, and Incredimail. Also, the connection breaks when
> doing a Windows Update (at about 66%). Any clues? I am new to Linux, a
> friend set up the box for me, but have no contact with him now. I'm told
> it's not an unusual configuration.

Maybe your firewall is too secure and blocking path MTU discovery.  PPPoE
has an 8-byte header, so its max MTU is 1492.  Maybe XP is setting MSS
1460, so the other side thinks it can send 1500-byte packets, but they get
fragmented or blocked by the 1492-byte PPPoE hole.

While I have never had any trouble accessing the internet from behind a
Linux or hardware router, I have had trouble with connections initiated
from the internet (incoming SMTP would time out waiting for data transfer).  My
solution was to set the LAN NIC of the SMTP server to the same MTU (1492) as my PPPoE.
In Linux the MTU can be set on the fly with ifconfig, but I would not know how
to do that in XP.

--
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/


Problem DSL Router <-> Firewall Router <-> Clients

Hello,

I would like to setup the following network configuration.

DSL Router <-> Firewall Router <-> Clients

I use static IPs, DHCP is disabled everywhere.

DSL Router
----------
- IP: 192.168.1.2
- does all NAT stuff, integrated DNS Server
- Route for network 192.168.0.0 set to 192.168.1.1

Firewall Router
---------------
- Linux machine with iptables firewall
- NIC connected with DSL Router: 192.168.1.1
- NIC connected with Clients   : 192.168.0.20

Clients
-------
All in 192.168.0.0 network
Default Gateway: 192.168.0.20
DNS entry: 192.168.1.2 and other

I can't establish a connection, for instance for HTTP. Currently the
firewall has no rules which drop packets, so this should not cause the
error:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW

I logged traffic with tcpdump on eth0 and eth1 on the firewall router.
Perhaps somebody can find the problem. Traffic was logged while trying
to access the URL www.spiegel.de.

eth0:
21:56:13.217316 192.168.1.2.53 > 192.168.0.2.1026: 2702 4/0/0 CNAME[|domain]
21:56:13.225296 192.168.0.2.1161 > 213.200.97.168.80: S
3917602455:3917602455(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)
21:56:17.225336 192.168.0.2.1161 > 213.200.97.168.80: S
3917602455:3917602455(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)
21:56:19.205192 arp who-has 192.168.0.2 tell 192.168.0.20
21:56:19.225350 192.168.0.2.1163 > 195.71.11.67.80: S
3263991039:3263991039(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)
21:56:19.355293 arp reply 192.168.0.2 is-at <mac>
21:56:21.355341 192.168.0.2.1163 > 195.71.11.67.80: S
3263991039:3263991039(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)
21:56:22.245295 192.168.0.2.1161 > 213.200.97.168.80: S
3917602455:3917602455(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)
21:56:27.245343 192.168.0.2.1163 > 195.71.11.67.80: S
3263991039:3263991039(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)
21:56:35.245363 192.168.0.2.1165 > 213.200.97.166.80: S
3719467109:3719467109(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)
21:56:38.245367 192.168.0.2.1165 > 213.200.97.166.80: S
3719467109:3719467109(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)

eth1:
21:55:18.658322 192.168.1.2.53 > 192.168.0.2.1026: 63104 4/0/0
CNAME[|domain]
21:55:24.585228 arp who-has 192.168.1.2 tell 192.168.1.1
21:55:24.585590 arp reply 192.168.1.2 is-at <mac>

Do I have an MTU problem? I added this line to iptables:
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
No success.

I also tried varying the MTU of the firewall NICs (1500 / 1472 / 1432): no
success.

What else could be the reason?

Thomas
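
As an added example (not part of either post, and not Coyote Linux or seawall code), the Python below ties David's MTU/MSS arithmetic to Thomas's tcpdump capture: it derives the PPPoE path MTU and the MSS that fits it (the value the TCPMSS "clamp to PMTU" rule writes into a SYN), parses tcpdump SYN lines for the advertised MSS, and flags SYNs retransmitted with the same sequence number. The sample lines are the eth0 capture from the post above joined onto single lines, plus one constructed SYN carrying the 1460 MSS that a host with a 1500-byte MTU advertises by default; nothing is read from a live interface.

```python
"""Check advertised TCP MSS values in tcpdump SYN lines against a PPPoE path budget."""
import re

ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8      # 6-byte PPPoE header + 2-byte PPP protocol field
IPV4_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def pppoe_path_mtu(link_mtu=ETHERNET_MTU):
    """Largest IP packet that fits through a PPPoE session on an Ethernet link of link_mtu bytes."""
    return link_mtu - PPPOE_OVERHEAD


def safe_mss(path_mtu):
    """Largest TCP payload per packet for path_mtu; the value an MSS clamp to PMTU would write."""
    return path_mtu - IPV4_TCP_HEADERS


# Matches a tcpdump 3.x SYN line already joined onto one line, e.g.
# 21:56:13.225296 192.168.0.2.1161 > 213.200.97.168.80: S 3917602455:3917602455(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)
SYN_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+S\s+"
    r"(?P<seq>\d+):\d+\((?P<paylen>\d+)\)\s+win\s+\d+\s+<(?P<opts>[^>]*)>"
)


def parse_syn(line):
    """Return the fields of one tcpdump SYN line, or None for DNS, ARP and other lines."""
    m = SYN_RE.match(line)
    if not m:
        return None
    mss = None
    for opt in m.group("opts").split(","):
        if opt.startswith("mss "):
            mss = int(opt.split()[1])
    return {
        "ts": m.group("ts"),
        "flow": (m.group("src"), int(m.group("sport")), m.group("dst"), int(m.group("dport"))),
        "seq": int(m.group("seq")),
        "paylen": int(m.group("paylen")),
        "mss": mss,
    }


def audit_syns(lines, path_mtu):
    """Per SYN: does the advertised MSS fit the path, and is it a retransmission (same flow, same seq)?"""
    budget = safe_mss(path_mtu)
    seen = set()
    findings = []
    for line in lines:
        syn = parse_syn(line)
        if syn is None:
            continue
        key = (syn["flow"], syn["seq"])
        retransmit = key in seen
        seen.add(key)
        if syn["mss"] is None:
            mss_ok, note = False, "no MSS option; peer falls back to 536"
        elif syn["mss"] > budget:
            mss_ok, note = False, "MSS %d exceeds %d for a %d-byte path; clamp it" % (syn["mss"], budget, path_mtu)
        else:
            mss_ok, note = True, "MSS %d fits a %d-byte path" % (syn["mss"], path_mtu)
        if retransmit:
            # A SYN carries no payload, so it was not lost to the MTU; no SYN-ACK came back at all.
            note += "; SYN retransmitted (%d payload bytes), look at forwarding/routing, not MTU" % syn["paylen"]
        findings.append({"ts": syn["ts"], "flow": syn["flow"], "mss": syn["mss"],
                         "mss_ok": mss_ok, "retransmit": retransmit, "note": note})
    return findings


# Constructed sample: the post's eth0 capture joined onto single lines, plus one made-up SYN
# (192.168.0.3) advertising the 1460 MSS a host with a 1500-byte MTU uses by default.
SAMPLE_CAPTURE = [
    "21:56:13.217316 192.168.1.2.53 > 192.168.0.2.1026: 2702 4/0/0 CNAME[|domain]",
    "21:56:13.225296 192.168.0.2.1161 > 213.200.97.168.80: S 3917602455:3917602455(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)",
    "21:56:17.225336 192.168.0.2.1161 > 213.200.97.168.80: S 3917602455:3917602455(0) win 16384 <mss 1432,nop,nop,sackOK> (DF)",
    "21:56:19.205192 arp who-has 192.168.0.2 tell 192.168.0.20",
    "21:57:01.000000 192.168.0.3.1200 > 213.200.97.168.80: S 100:100(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)",
]

if __name__ == "__main__":
    mtu = pppoe_path_mtu()
    print("PPPoE path MTU %d, safe MSS %d" % (mtu, safe_mss(mtu)))
    for f in audit_syns(SAMPLE_CAPTURE, mtu):
        print(f["ts"], "%s:%d > %s:%d" % f["flow"], f["note"])
```

The script separates the two questions the threads mix together: an MSS above the path budget only bites once data segments flow (the Windows Update and streaming stalls David describes), whereas a bare SYN retransmitted with the same sequence number and no SYN-ACK was not dropped for size, so that symptom points at forwarding and routing on the box rather than at the MTU.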
