FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 01-04-2010, 09:21 PM
Andrei Popescu
 
Default Masquerading problems: squeeze via lenny

On Sun,03.Jan.10, 12:14:37, Andrei Popescu wrote:
>
> > Have you checked IPV6 issues discussed recently on debian-devel?
>
> I just tried commenting out
>
> net.ipv6.bindv6only = 1
>
> in /etc/sysctl.d/bindv6only.conf but no change. The Lenny box also has
> IPV6_DISABLED=yes set in shorewall.conf

... and to rule out any ipv6 related troubles I completely disabled ipv6
on both boxes:

lenny (gateway): blacklisted the ipv6 module
squeeze (client): kernel boot parameter ipv6.disable=1

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
Old 01-05-2010, 06:53 AM
Antonio Perez
 
Default Masquerading problems: squeeze via lenny

Andrei Popescu wrote:

> on the gateway in /etc/ppp/peers/provider and ifconfig ppp0 correctly
> shows the new setting, but no change. Thanks for the hint though.

Hi:

You could start a Wireshark capture on both the LAN and the PPP before
performing the wget command and compare both.

--
Antonio Perez


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-05-2010, 06:18 PM
Andrei Popescu
 
Default Masquerading problems: squeeze via lenny

On Tue,05.Jan.10, 03:53:22, Antonio Perez wrote:

> You could start a Wireshark capture on both the LAN and the PPP before
> performing the wget command and compare both.

I installed tshark (I only have ssh access as both machines are in a
different city) on the gateway, but unfortunately I can't tell what are
the interesting packets due to the "background noise" on ppp0.

What am I looking for? A filter expression would be very helpful here as
this is the first time I'm doing such traffic analysis.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
Old 01-05-2010, 06:40 PM
Antonio Perez
 
Default Masquerading problems: squeeze via lenny

Andrei Popescu wrote:

> On Tue,05.Jan.10, 03:53:22, Antonio Perez wrote:
>
>> You could start a Wireshark capture on both the LAN and the PPP before
>> performing the wget command and compare both.
>
> I installed tshark (I only have ssh access as both machines are in a
> different city) on the gateway, but unfortunately I can't tell what are
> the interesting packets due to the "background noise" on ppp0.
>
> What am I looking for? A filter expression would be very helpful here as
> this is the first time I'm doing such traffic analysis.

Filter udp destination port 53 (DNS) in both the LAN and PPP and compare.
hint: udp.dstport==53
analyze if dns requests are being correctly resolved.


As you are using this commands:
$ wget www.google.com
$ wget www.livecdlist.com
which both work on port 80, filter the destination port 80 and compare.
hint: tcp.dstport==80

Are the lists of packets any different between the lenny and squeeze setups?


If you have no experience with packet analysis, it would be very difficult
to explain it all in this list. Sorry.

--
Antonio Perez


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-05-2010, 07:39 PM
Antonio Perez
 
Default Masquerading problems: squeeze via lenny

Antonio Perez wrote:

> which both work on port 80, filter the destination port 80 and compare.
> hint: tcp.dstport==80

also you may add the dest IP or any other relevant factor to reduce noise:

for wget http://www.google.com :
tcp.dstport==80 and ip.addr==74.125.159.1/24

for http://www.livecdlist.com:
tcp.dstport==80 and ip.addr==74.81.93.114


Note: google.com site resolves to several addresses, so a /24 range will
cover all of them.


--
Antonio Perez


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-06-2010, 12:20 AM
Andrei Popescu
 
Default Masquerading problems: squeeze via lenny

On Sun,03.Jan.10, 10:30:18, Andrei Popescu wrote:

[...]

> The problem is that some websites work flawlessly from the squeeze box
> and some stall. The same sites are ok from the lenny box. Here are

Turned out it was a problem with Path MTU Discovery[1] and setting

CLAMPMSS=YES

in shorewall.conf solved it.

[1] http://lartc.org/howto/lartc.cookbook.mtu-mss.html

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
Old 01-07-2010, 10:01 AM
Osamu Aoki
 
Default Masquerading problems: squeeze via lenny

Hi,

You already solved this problem but ... But this explain where is the
disconnect.

On Tue, Jan 05, 2010 at 12:19:09AM +0200, Andrei Popescu wrote:
> On Mon,04.Jan.10, 16:32:42, Osamu Aoki wrote:
> > Hi,
> >
> > On Sun, Jan 03, 2010 at 07:45:07PM +0100, Marc Schröder wrote:
> > > its better to setup a propper mtu size on the gateway. then all
> > > clients behind will work without extra modifications.
> >
> > Yes, if the problem is caused by a gateway you control, this is the root
> > cause fix.
> >
> > This is done, as I understand, via iptables. Read manpage of iptable
> > under TCPMSS. It is described there.
>
> I set
>
> mtu 1454

Agh... That was not meant for action... no wonder

> on the gateway in /etc/ppp/peers/provider and ifconfig ppp0 correctly
> shows the new setting, but no change. Thanks for the hint though.

mtu is restricted by mss clamping as gateway PC as you were successful
root cause fix. TCPMSS talks about it.

mtu setting is for client PC as a quick workaround.

Osamu


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 12:53 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org