This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PPPoE problems

I am PPPoE newbie and have some problem.
Some websites don't come up on browser.

www.yahoo.co.jp, or www.infoseek.co.jp.
ping www.yahoo.co.jp /f /l 1426 ... well,
ping www.yahoo.co.jp /f /l 1427 ... fail.

Probably, cause is these webserver's filtered ICMP. and PPPoE MTU problem.

so, I searched and found write below is well,
Code:

 
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

whare can I write these codes?

This thread was automatically locked due to age.

Parents

0 Xeno over 21 years ago

The best would be to reduce the MTU on your clients. For windows you could use Dr.TCP for doing this.
By the way, for informations about DSL you will find many usefull informations here. But in german.

Cheers
Xeno
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Xeno over 21 years ago

The best would be to reduce the MTU on your clients. For windows you could use Dr.TCP for doing this.
By the way, for informations about DSL you will find many usefull informations here. But in german.

Cheers
Xeno
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 William Warren over 21 years ago in reply to Xeno

for hte english side for good dsl informat http://www.dslreports.com
Cancel
Vote Up 0 Vote Down

Cancel
0 una over 21 years ago in reply to Xeno

Thanks, All.
On PPPoE Interface, [MTU] textbox didn't appear.
and, the command,

/usr/local/sbin/iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

makes well browsing on any sites!
I entered this command on SSH, But I don't want enter this command anytime after boot.
I tried to add this command to some files, but they weren't valid.
files:
/etc/rc.d/boot
/etc/rc.d/rc.astaro

whare can i write this command?
Cancel
Vote Up 0 Vote Down

Cancel
0 una over 21 years ago in reply to una

I found right answer is write command in /etc/rc.d/ipfilter.local .
But when I write it, the command excuted three times!

what's the wrong??
Cancel
Vote Up 0 Vote Down

Cancel
0 anonymous_02 over 21 years ago in reply to una
Hi una.

ipfilter.local is called whenever a iptables filter Chain has changed.
you should ensure, that you set your rule only if the FORWARD Chain has changed.

Code:

# untested pseudo code
oldmd5sum=`cat /tmp/tmpfile`
iptables -L FORWARD -n | md5sum > /tmp/tmpfile
md5sum=`cat /tmp/tmpfile`

if test oldmd5sum != md5sum ; then
/usr/local/sbin/iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
fi

hope this answered your question

Daniel
Cancel
Vote Up 0 Vote Down

Cancel
0 una over 21 years ago in reply to anonymous_02

dstutz, Thanks your reply.

your codes work, but the filter is still inserted three times.
finally I simply wrote the codes like below to ipfilter.local.

/usr/local/sbin/iptables -D FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
/usr/local/sbin/iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

it works fine, and satisfied me.

I say thanks again to all persons that replyed to my article.
Cancel
Vote Up 0 Vote Down

Cancel
0 helpinghand over 21 years ago in reply to una

I really don't understand why /usr/local/sbin/iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
isn't implemented in Astaro by default.

Helpinghand
Cancel
Vote Up 0 Vote Down

Cancel