Packet lost problem

**hugo** · 12-03-2005, 17:46

Hi,

I have a problem with a remote control program. This program connect to my router using port 443, and the router NAT it to my lan on port 82 to the client computer.

As I explained in a previous thread, for reference, this connection is working for my airport router, but not with my Wl-HDD with Oleg's latest firmware.

I've been nailing down the problem using network capture. On the first sample, the connection is correctly established. I've removed previous frames as they have the same size on both case and they are just setting up the connection.

Here is the good one::

Code:

No.     Time        Source                Destination           Protocol Info
     41 8.828783    192.168.1.10           xxx.xx.x.x            TCP      82 > 64267 [PSH, ACK] Seq=582 Ack=909 Win=31860 Len=14

Frame 41 (68 bytes on wire, 68 bytes captured)
Ethernet II, Src: 00:12:79:46:xx:xx, Dst: 00:11:24:00:xx:xx
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: xxx.xx.x.x (xxx.xx.x.x)
Transmission Control Protocol, Src Port: 82 (82), Dst Port: 64267 (64267), Seq: 582, Ack: 909, Len: 14
    Source port: 82 (82)
    Destination port: 64267 (64267)
    Sequence number: 582    (relative sequence number)
    Next sequence number: 596    (relative sequence number)
    Acknowledgement number: 909    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 31860
    Checksum: 0x808b (correct)
Data (14 bytes)

0000  0e 00 04 03 00 00 00 00 12 00 52 02 e0 01         ..........R...

No.     Time        Source                Destination           Protocol Info
     42 8.881276    xxx.xx.x.x            192.168.1.10           TCP      64267 > 82 [ACK] Seq=909 Ack=596 Win=63805 Len=0

Frame 42 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:11:24:00:xx:xx, Dst: 00:12:79:46:xx:xx
Internet Protocol, Src Addr: xxx.xx.x.x (xxx.xx.x.x), Dst Addr: 192.168.1.10 (192.168.1.10)
Transmission Control Protocol, Src Port: 64267 (64267), Dst Port: 82 (82), Seq: 909, Ack: 596, Len: 0
    Source port: 64267 (64267)
    Destination port: 82 (82)
    Sequence number: 909    (relative sequence number)
    Acknowledgement number: 596    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 63805
    Checksum: 0x59d1 (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 41
        The RTT to ACK the segment was: 0.052493000 seconds

No.     Time        Source                Destination           Protocol Info
     44 9.262571    xxx.xx.x.x            192.168.1.10           TCP      64267 > 82 [ACK] Seq=909 Ack=596 Win=63805 Len=1400

Frame 44 (1454 bytes on wire, 1454 bytes captured)
Ethernet II, Src: 00:11:24:00:xx:xx, Dst: 00:12:79:46:xx:xx
Internet Protocol, Src Addr: xxx.xx.x.x (xxx.xx.x.x), Dst Addr: 192.168.1.10 (192.168.1.10)
Transmission Control Protocol, Src Port: 64267 (64267), Dst Port: 82 (82), Seq: 909, Ack: 596, Len: 1400
    Source port: 64267 (64267)
    Destination port: 82 (82)
    Sequence number: 909    (relative sequence number)
    Next sequence number: 2309    (relative sequence number)
    Acknowledgement number: 596    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 63805
    Checksum: 0xd274 (correct)
Data (1400 bytes)


No.     Time        Source                Destination           Protocol Info
     45 9.264103    xxx.xx.x.x            192.168.1.10           TCP      64267 > 82 [ACK] Seq=2309 Ack=596 Win=63805 Len=1400

Frame 45 (1454 bytes on wire, 1454 bytes captured)
Ethernet II, Src: 00:11:24:00:xx:xx, Dst: 00:12:79:46:xx:xx
Internet Protocol, Src Addr: xxx.xx.x.x (xxx.xx.x.x), Dst Addr: 192.168.1.10 (192.168.1.10)
Transmission Control Protocol, Src Port: 64267 (64267), Dst Port: 82 (82), Seq: 2309, Ack: 596, Len: 1400
    Source port: 64267 (64267)
    Destination port: 82 (82)
    Sequence number: 2309    (relative sequence number)
    Next sequence number: 3709    (relative sequence number)
    Acknowledgement number: 596    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 63805
    Checksum: 0xcf8f (correct)
Data (1400 bytes)


No.     Time        Source                Destination           Protocol Info
     46 9.265309    xxx.xx.x.x            192.168.1.10           TCP      64267 > 82 [PSH, ACK] Seq=3709 Ack=596 Win=63805 Len=1058

Frame 46 (1112 bytes on wire, 1112 bytes captured)
Ethernet II, Src: 00:11:24:00:xx:xx, Dst: 00:12:79:46:xx:xx
Internet Protocol, Src Addr: xxx.xx.x.x (xxx.xx.x.x), Dst Addr: 192.168.1.10 (192.168.1.10)
Transmission Control Protocol, Src Port: 64267 (64267), Dst Port: 82 (82), Seq: 3709, Ack: 596, Len: 1058
    Source port: 64267 (64267)
    Destination port: 82 (82)
    Sequence number: 3709    (relative sequence number)
    Next sequence number: 4767    (relative sequence number)
    Acknowledgement number: 596    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 63805
    Checksum: 0xf6dc (correct)
Data (1058 bytes)


No.     Time        Source                Destination           Protocol Info
     47 9.265908    192.168.1.10           xxx.xx.x.x            TCP      82 > 64267 [ACK] Seq=596 Ack=3709 Win=32768 Len=0

Frame 47 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:12:79:46:xx:xx, Dst: 00:11:24:00:xx:xx
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: xxx.xx.x.x (xxx.xx.x.x)
Transmission Control Protocol, Src Port: 82 (82), Dst Port: 64267 (64267), Seq: 596, Ack: 3709, Len: 0
    Source port: 82 (82)
    Destination port: 64267 (64267)
    Sequence number: 596    (relative sequence number)
    Acknowledgement number: 3709    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 32768
    Checksum: 0xc81e (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 45
        The RTT to ACK the segment was: 0.001805000 seconds

No.     Time        Source                Destination           Protocol Info
     48 9.427169    192.168.1.10           xxx.xx.x.x            TCP      82 > 64267 [ACK] Seq=596 Ack=4767 Win=31710 Len=0

Frame 48 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:12:79:46:xx:xx, Dst: 00:11:24:00:xx:xx
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: xxx.xx.x.x (xxx.xx.x.x)
Transmission Control Protocol, Src Port: 82 (82), Dst Port: 64267 (64267), Seq: 596, Ack: 4767, Len: 0
    Source port: 82 (82)
    Destination port: 64267 (64267)
    Sequence number: 596    (relative sequence number)
    Acknowledgement number: 4767    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 31710
    Checksum: 0xc81e (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 46
        The RTT to ACK the segment was: 0.161860000 seconds

Data is send using big packet (1400 bytes)

Everything is fine.

On the bad try on wl-hdd, I have this result: a packet is lost:

**hugo** · 12-03-2005, 17:51

Code:

No.     Time        Source                Destination           Protocol Info
     74 26.952047   xxx.xx.x.x            192.168.1.10          TCP      49962 > 82 [ACK] Seq=909 Ack=582 Win=63659 Len=0

Frame 74 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:11:2f:73:xx:xx, Dst: 00:12:79:46:xx:xx
Internet Protocol, Src Addr: xxx.xx.x.x (xxx.xx.x.x), Dst Addr: 192.168.1.10 (192.168.1.10)
Transmission Control Protocol, Src Port: 49962 (49962), Dst Port: 82 (82), Seq: 909, Ack: 582, Len: 0
    Source port: 49962 (49962)
    Destination port: 82 (82)
    Sequence number: 909    (relative sequence number)
    Acknowledgement number: 582    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 63659
    Checksum: 0xd4f1 (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 72
        The RTT to ACK the segment was: 0.075595000 seconds

No.     Time        Source                Destination           Protocol Info
     75 27.131302   xxx.xx.x.x            192.168.1.10          TCP      49962 > 82 [PSH, ACK] Seq=909 Ack=596 Win=63645 Len=1338

Frame 75 (1392 bytes on wire, 1392 bytes captured)
Ethernet II, Src: 00:11:2f:73:xx:xx, Dst: 00:12:79:46:xx:xx
Internet Protocol, Src Addr: xxx.xx.x.x (xxx.xx.x.x), Dst Addr: 192.168.1.10 (192.168.1.10)
Transmission Control Protocol, Src Port: 49962 (49962), Dst Port: 82 (82), Seq: 909, Ack: 596, Len: 1338
    Source port: 49962 (49962)
    Destination port: 82 (82)
    Sequence number: 909    (relative sequence number)
    Next sequence number: 2247    (relative sequence number)
    Acknowledgement number: 596    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 63645
    Checksum: 0xcbc8 (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 73
        The RTT to ACK the segment was: 0.220716000 seconds
Data (1338 bytes)
No.     Time        Source                Destination           Protocol Info
     76 27.336533   192.168.1.10          xxx.xx.x.x            TCP      82 > 49962 [ACK] Seq=596 Ack=2247 Win=32768 Len=0

Frame 76 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:12:79:46:xx:xx, Dst: 00:11:2f:73:xx:xx
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: xxx.xx.x.x (xxx.xx.x.x)
Transmission Control Protocol, Src Port: 82 (82), Dst Port: 49962 (49962), Seq: 596, Ack: 2247, Len: 0
    Source port: 82 (82)
    Destination port: 49962 (49962)
    Sequence number: 596    (relative sequence number)
    Acknowledgement number: 2247    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 32768
    Checksum: 0x4855 (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 75
        The RTT to ACK the segment was: 0.205231000 seconds

No.     Time        Source                Destination           Protocol Info
     77 30.721010   192.168.1.10          xxx.xx.x.x            TCP      82 > 49962 [PSH, ACK] Seq=596 Ack=2247 Win=32768 Len=12

Frame 77 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:12:79:46:xx:xx, Dst: 00:11:2f:73:xx:xx
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: xxx.xx.x.x (xxx.xx.x.x)
Transmission Control Protocol, Src Port: 82 (82), Dst Port: 49962 (49962), Seq: 596, Ack: 2247, Len: 12
    Source port: 82 (82)
    Destination port: 49962 (49962)
    Sequence number: 596    (relative sequence number)
    Next sequence number: 608    (relative sequence number)
    Acknowledgement number: 2247    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 32768
    Checksum: 0x233f (correct)
Data (12 bytes)

0000  0b 00 01 00 00 00 13 01 e5 00 21 00               ..........!.

No.     Time        Source                Destination           Protocol Info
     78 30.723469   192.168.1.10          xxx.xx.x.x            TCP      82 > 49962 [PSH, ACK] Seq=608 Ack=2247 Win=32768 Len=12

Frame 78 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:12:79:46:xx:xx, Dst: 00:11:2f:73:xx:xx
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: xxx.xx.x.x (xxx.xx.x.x)
Transmission Control Protocol, Src Port: 82 (82), Dst Port: 49962 (49962), Seq: 608, Ack: 2247, Len: 12
    Source port: 82 (82)
    Destination port: 49962 (49962)
    Sequence number: 608    (relative sequence number)
    Next sequence number: 620    (relative sequence number)
    Acknowledgement number: 2247    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 32768
    Checksum: 0x1933 (correct)
Data (12 bytes)

0000  0b 00 01 00 00 00 13 01 e0 00 30 00               ..........0.

No.     Time        Source                Destination           Protocol Info
     79 30.789783   xxx.xx.x.x            192.168.1.10          TCP      49962 > 82 [ACK] Seq=2247 Ack=620 Win=63621 Len=0

Frame 79 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:11:2f:73:xx:xx, Dst: 00:12:79:46:xx:xx
Internet Protocol, Src Addr: xxx.xx.x.x (xxx.xx.x.x), Dst Addr: 192.168.1.10 (192.168.1.10)
Transmission Control Protocol, Src Port: 49962 (49962), Dst Port: 82 (82), Seq: 2247, Ack: 620, Len: 0
    Source port: 49962 (49962)
    Destination port: 82 (82)
    Sequence number: 2247    (relative sequence number)
    Acknowledgement number: 620    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 63621
    Checksum: 0xcfb7 (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 78
        The RTT to ACK the segment was: 0.066314000 seconds

No.     Time        Source                Destination           Protocol Info
     80 31.030234   xxx.xx.x.x            192.168.1.10          TCP      49962 > 82 [PSH, ACK] Seq=2247 Ack=620 Win=63621 Len=1072

Frame 80 (1126 bytes on wire, 1126 bytes captured)
Ethernet II, Src: 00:11:2f:73:xx:xx, Dst: 00:12:79:46:xx:xx
Internet Protocol, Src Addr: xxx.xx.x.x (xxx.xx.x.x), Dst Addr: 192.168.1.10 (192.168.1.10)
Transmission Control Protocol, Src Port: 49962 (49962), Dst Port: 82 (82), Seq: 2247, Ack: 620, Len: 1072
    Source port: 49962 (49962)
    Destination port: 82 (82)
    Sequence number: 2247    (relative sequence number)
    Next sequence number: 3319    (relative sequence number)
    Acknowledgement number: 620    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 63621
    Checksum: 0xbda1 (correct)
Data (1072 bytes)


No.     Time        Source                Destination           Protocol Info
     81 31.186223   192.168.1.10          xxx.xx.x.x            TCP      82 > 49962 [ACK] Seq=620 Ack=3319 Win=31696 Len=0

Frame 81 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:12:79:46:xx:xx, Dst: 00:11:2f:73:xx:xx
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: xxx.xx.x.x (xxx.xx.x.x)
Transmission Control Protocol, Src Port: 82 (82), Dst Port: 49962 (49962), Seq: 620, Ack: 3319, Len: 0
    Source port: 82 (82)
    Destination port: 49962 (49962)
    Sequence number: 620    (relative sequence number)
    Acknowledgement number: 3319    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 31696
    Checksum: 0x483d (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 80
        The RTT to ACK the segment was: 0.155989000 seconds

Here is the lost packet, following this:

**hugo** · 12-03-2005, 17:51

Code:

No.     Time        Source                Destination           Protocol Info
     82 31.330373   xxx.xx.x.x            192.168.1.10          TCP      [TCP Previous segment lost] 49962 > 82 [PSH, ACK] Seq=6239 Ack=620 Win=63621 Len=24

Frame 82 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: 00:11:2f:73:xx:xx, Dst: 00:12:79:46:xx:xx
Internet Protocol, Src Addr: xxx.xx.x.x (xxx.xx.x.x), Dst Addr: 192.168.1.10 (192.168.1.10)
Transmission Control Protocol, Src Port: 49962 (49962), Dst Port: 82 (82), Seq: 6239, Ack: 620, Len: 24
    Source port: 49962 (49962)
    Destination port: 82 (82)
    Sequence number: 6239    (relative sequence number)
    Next sequence number: 6263    (relative sequence number)
    Acknowledgement number: 620    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 63621
    Checksum: 0x5b25 (correct)
    SEQ/ACK analysis
        TCP Analysis Flags
            A segment before this frame was lost
Data (24 bytes)

0000  05 d6 55 81 39 15 98 ae 94 63 f9 0a cc ae c0 32   ..U.9....c.....2
0010  2a 61 ff 01 bc 62 37 a9                           *a...b7.

No.     Time        Source                Destination           Protocol Info
     83 31.333492   192.168.1.10          xxx.xx.x.x            TCP      [TCP Dup ACK 81#1] 82 > 49962 [ACK] Seq=620 Ack=3319 Win=31696 Len=0 SLE=1365833118 SRE=1365833142

Frame 83 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:12:79:46:xx:xx, Dst: 00:11:2f:73:xx:xx
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: xxx.xx.x.x (xxx.xx.x.x)
Transmission Control Protocol, Src Port: 82 (82), Dst Port: 49962 (49962), Seq: 620, Ack: 3319, Len: 0
    Source port: 82 (82)
    Destination port: 49962 (49962)
    Sequence number: 620    (relative sequence number)
    Acknowledgement number: 3319    (relative ack number)
    Header length: 32 bytes
    Flags: 0x0010 (ACK)
    Window size: 31696
    Checksum: 0x83ff (correct)
    Options: (12 bytes)
    SEQ/ACK analysis
        The RTT to ACK the segment was: 1110644376.945946000 seconds
        TCP Analysis Flags
            This is a TCP duplicate ack
        Duplicate ACK #: 1
        Duplicate to the ACK in frame: 81

No.     Time        Source                Destination           Protocol Info
     84 34.130379   192.168.1.10          xxx.xx.x.x            TCP      82 > 49962 [PSH, ACK] Seq=620 Ack=3319 Win=31696 Len=12

Frame 84 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:12:79:46:xx:xx, Dst: 00:11:2f:73:xx:xx
Internet Protocol, Src Addr: 192.168.1.10 (192.168.1.10), Dst Addr: xxx.xx.x.x (xxx.xx.x.x)
Transmission Control Protocol, Src Port: 82 (82), Dst Port: 49962 (49962), Seq: 620, Ack: 3319, Len: 12
    Source port: 82 (82)
    Destination port: 49962 (49962)
    Sequence number: 620    (relative sequence number)
    Next sequence number: 632    (relative sequence number)
    Acknowledgement number: 3319    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 31696
    Checksum: 0x2227 (correct)
Data (12 bytes)

0000  0b 00 01 00 00 00 4d 01 ac 00 21 00               ......M...!.

The packet loss is systematic. I get it at each connection. I tried to set MTU to 1400, and to set mss to pmtu, but with no result.

Here is my iptable result:

Code:

[admin@wl-hdd root]$ iptables -nL -v
Chain INPUT (policy DROP 1321 packets, 64790 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
 5069  446K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
  288 17032 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          state NEW
 1783  626K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0          state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:15348 flags:0x16/0x02
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:3000 flags:0x16/0x02
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:7776 flags:0x16/0x02

Chain FORWARD (policy ACCEPT 412 packets, 40730 bytes)
 pkts bytes target     prot opt in     out     source               destination
  213 10224 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 TCPMSS clamp to PMTU
 6018 2981K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
  197  9456 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 limit: avg 1/sec burst 5
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x17/0x04 limit: avg 1/sec burst 5
    0     0 ACCEPT     icmp --  ppp0   *       0.0.0.0/0            0.0.0.0/0          limit: avg 1/sec burst 5 icmp type 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.5        tcp dpt:4662
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.10       tcp dpt:82
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.10       udp dpt:82
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:6112

Chain OUTPUT (policy ACCEPT 7147 packets, 1846K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain MACS (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 tcpmss match 1361:65535TCPMSS set 1360

Chain logaccept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW LOG flags 7 level 4 prefix `ACCEPT '
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW LOG flags 7 level 4 prefix `DROP'
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
[admin@wl-hdd root]$ iptables -t nat -nL -v
Chain PREROUTING (policy ACCEPT 1760 packets, 116K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            xx.99.x.xxx        tcp dpt:4662 to:192.168.1.5:4662
  132  6336 DNAT       tcp  --  *      *       0.0.0.0/0            xx.99.x.xxx        tcp dpt:443 to:192.168.1.10:82
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            xx.99.x.xxx        udp dpt:443 to:192.168.1.10:82
    0     0 NETMAP     udp  --  *      *       0.0.0.0/0            xx.99.x.xxx        udp spt:6112 192.168.1.0/24

Chain POSTROUTING (policy ACCEPT 426 packets, 23728 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 NETMAP     udp  --  *      *       192.168.1.0/24       0.0.0.0/0          udp dpt:6112 xx.99.x.xxx/32
  324 33332 MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
   12  2277 MASQUERADE  all  --  *      br0     192.168.1.0/24       192.168.1.0/24

Chain OUTPUT (policy ACCEPT 318 packets, 20499 bytes)
 pkts bytes target     prot opt in     out     source               destination

I really don't know what to check next.

Anybody has an idea?

Thanks

**hugo** · 13-03-2005, 12:37

found my solution. It looks like pmtu is only calculated for the router, and not for a nated connection. I had to force a MSS to 1400 in FORWARD and OUTPUT to make it work.

I don't know if this is supposed to work like this, but the clamp mss-to-pmtu doesn't work for nated connections in this case.

**Oleg** · 13-03-2005, 12:53

hm... do you use pptp?

**hugo** · 13-03-2005, 13:00

no, my connection is direct using pppoe.

But for you to know, the protocol used is a bit special, as the data are send in the request packet, not the response one. But still, the initial mss negiciation was always at 1460 on both side until I forced it, even with the --clamp-mss-to-pmtu parameter.

If you look at my firewall rules, I have a rule with a mss set to 1360 using this paramter but the negociation doesn't give any other result than 1460.

I've set MSS to 1400 in FORWARD and OUTPUT rules, but I think only one was needed.

Strangly enough, the airport correctly negociate the MSS to 1400 without any specific parameter.

**hugo** · 13-03-2005, 13:30

In fact, only FORWARD rule was needed, not OUTPUT

**Oleg** · 13-03-2005, 16:40

Originally Posted by hugo

no, my connection is direct using pppoe.

Well, with PPPoE it should clamp to MTU-40, not the PMTU - have you manually changed iptables?

**hugo** · 13-03-2005, 17:03

i've used the iptables command :

Code:

iptables -I FORWARD -p tcp --syn -j TCPMSS --clamp-mss-to-pmtu

Should it be something else?

**Oleg** · 13-03-2005, 17:26

This is the firmware default iptables settings:

Code:

-A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1453: -j TCPMSS --set-mss 1452
-A MACS -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1453: -j TCPMSS --set-mss 1452

Thread: Packet lost problem

Thread Tools

Rate This Thread

Display

Packet lost problem

Similar Threads

Packet loss on WLAN

win2kp + iTunes -> samba share (Invalid packet length)

udp packet loss on wireless

Connection lost

Log message: table full, dropping packet ??

Posting Permissions