[Voyage-linux] Anybody using pppd on voyage-0.5.2 and masquerading?

Beat Meier (spam-protected)
Thu Sep 11 22:43:16 HKT 2008 

Hello

After done some more tests with ftp login working but get binary file not
directory listing working if not much output but with hughe output not ...
and that even no qos no table routing only "plain" routing wiht masquerade.
It seems that either pppd or other masquerading module does do an other
initialization...
It seems that target TCPMSS with packet size is missing and this could be
the problem because with short packets it seems to work (google page works)
but others not etc. etc.
So my question now:
How can I set the following behaviour for FORWARD queue?

  149  7452 TCPMSS     tcp  --  any    ppp0    anywhere             
anywhere            tcp flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS 
clamp to PMTU

(see also output below).

Greetings and thanks:

Here output of the old and new system.


############### Old system which works right #########################
gw_servirap:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp 
flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS clamp to PMTU
ACCEPT     all  --  10.99.0.10           anywhere
ACCEPT     all  --  anywhere             10.99.0.10
ACCEPT     all  --  10.99.0.200          anywhere
ACCEPT     all  --  anywhere             10.99.0.200
DROP       all  --  10.99.0.0/24         anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

####################

gw_servirap:~# iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 1044 packets, 86531 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain POSTROUTING (policy ACCEPT 12 packets, 794 bytes)
 pkts bytes target     prot opt in     out     source               
destination
  164  6431 MASQUERADE  all  --  any    eth2    anywhere             
anywhere
  650 60648 MASQUERADE  all  --  any    ppp0    anywhere             
anywhere
    4   336 MASQUERADE  all  --  any    eth1    anywhere             
anywhere
    0     0 MASQUERADE  all  --  any    ppp0    anywhere             
anywhere
    0     0 MASQUERADE  all  --  any    eth1    anywhere             
anywhere

Chain OUTPUT (policy ACCEPT 36 packets, 2534 bytes)
 pkts bytes target     prot opt in     out     source               
destination

####################

gw_servirap:~# iptables -L -v
Chain INPUT (policy ACCEPT 1353 packets, 101K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain FORWARD (policy ACCEPT 17917 packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               
destination
  149  7452 TCPMSS     tcp  --  any    ppp0    anywhere             
anywhere            tcp flags:SYN,RST/SYN tcpmss match 1400:1536 TCPMSS 
clamp to PMTU
    0     0 ACCEPT     all  --  any    any     10.99.0.10           anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             
10.99.0.10
    2   168 ACCEPT     all  --  any    any     10.99.0.200          anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             
10.99.0.200
    0     0 DROP       all  --  any    any     10.99.0.0/24         anywhere

Chain OUTPUT (policy ACCEPT 1337 packets, 273K bytes)
 pkts bytes target     prot opt in     out     source               
destination




############### New system which does not work right 
#########################

gw_servirap_new:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     0    --  10.99.0.10           anywhere
ACCEPT     0    --  anywhere             10.99.0.10
ACCEPT     0    --  10.99.0.200          anywhere
ACCEPT     0    --  anywhere             10.99.0.200
DROP       0    --  10.99.0.0/24         anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

####################

gw_servirap_new:~# iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 684 packets, 69286 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain POSTROUTING (policy ACCEPT 21 packets, 1434 bytes)
 pkts bytes target     prot opt in     out     source               
destination
  105  4733 MASQUERADE  0    --  any    eth2    anywhere             
anywhere
  416 48259 MASQUERADE  0    --  any    ppp0    anywhere             
anywhere
    2   168 MASQUERADE  0    --  any    eth1    anywhere             
anywhere
    0     0 MASQUERADE  0    --  any    ppp0    anywhere             
anywhere
    0     0 MASQUERADE  0    --  any    eth1    anywhere             
anywhere

Chain OUTPUT (policy ACCEPT 69 packets, 4748 bytes)
 pkts bytes target     prot opt in     out     source               
destination

####################

gw_servirap_new:~# iptables -L -v
Chain INPUT (policy ACCEPT 2025 packets, 705K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain FORWARD (policy ACCEPT 2630 packets, 505K bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     0    --  any    any     10.99.0.10           anywhere
    0     0 ACCEPT     0    --  any    any     anywhere             
10.99.0.10
    0     0 ACCEPT     0    --  any    any     10.99.0.200          anywhere
    0     0 ACCEPT     0    --  any    any     anywhere             
10.99.0.200
    0     0 DROP       0    --  any    any     10.99.0.0/24         anywhere

Chain OUTPUT (policy ACCEPT 1609 packets, 152K bytes)
 pkts bytes target     prot opt in     out     source               
destination

More information about the Voyage-linux mailing list