OpenWrt 10.03.1 - + tp-link w trybie bridge - nie działa ~połowa stron www

Question

Witam, mam problem z działaniem internetu po połączeniu tych dwóch routerów. Sprawa wygląda tak:Internet ADSL (neostrada), tp-link w trybie bridge (s...

User removed account · Accepted Answer

Ustaw DNS na komp. - zamiast 192.168.2.1 może być ten od Google: 8.8.8.8. Jeśli internet ruszy to będziesz wiedział co zmienić w konfiguracji routera.

dinos83 · Accepted Answer

Zmień wartość MTU.

User removed account · Accepted Answer

Edytuj plik dhcp:Code:  vi /etc/config/dhcpi dopisz w sekcji: config 'dhcp' 'lan'Code: option 'dhcp-option' 'option&#58;mtu, 1460'Na końcu restart dnsmasq:Code: /etc/init.d/dnsmasq restart - gdyby nie pomogło to zrestartuj router i sprawdź, czy MTU jest prawidłowo przydzielane. W razie problemów pokaż:Code: cat /etc/config/dhcporaz co wypluwa dmesg po restarcie dnsmasq.

rafu997 · Answer

To już właśnie próbowałem. Wstawiłem serwery DNS googla do ipv4 i ipv6. Na kompie i na routerze później też. Bez zmian.

rafu997 · Answer

Właśnie odszukałem artykuł z podobnym problemem i też sugerują MTU. Tylko teraz jeszcze bym prosił o podpowiedź, które MTU zmieniać żeby wszystko się zgrało? Tunel 6in4 mam 1480, połączenie pppoe do neostrady przydziela mi chyba 1492. Spróbuję wszystkie wartości MTU ustawić na 1464, bo dopiero przy tej wartości lecą mi pingi do onetu (ping -f -l 1464 www.onet.pl)

Dodano po 2 [godziny] 9 [minuty]:

Dalej nie mogę ogarnąć tego MTU... ustawiam na interfejsach wan i lan różne wartości i aktualnie większość już działa (np. elektroda). Nie działa mi cały czas wykop.pl. Sprawdzałem pingami z jakim maksymalnym MTU leci i dopiero przy 1432 była odpowiedź (na routerze ustawione było 1460 (lan i wan)). Więc teoretycznie wartości poprawne. Wszystkie strony zaczęły poprawnie działać dopiero po ustawieniu MTU 1460 w Windowsie. Teraz co zrobić żeby router wymuszał takie MTU na podpiętych kompach? Po połączeniu się z routerem przez wifi np. smartfonem dalej część stron nie działa.
Aktualnie na routerze tak to wygląda:

Spoiler:

6in4-wan6 Link encap:IPv6-in-IPv4
inet6 addr: 2001:470:70:2b2::2/64 Scope:Global
inet6 addr: fe80::b22a:2d40/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1460 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17988 (17.5 KiB) TX bytes:9888 (9.6 KiB)

br-lan Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: 2001:470:71:2b2::1/64 Scope:Global
inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1460 Metric:1
RX packets:4548 errors:0 dropped:0 overruns:0 frame:0
TX packets:2730 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:590146 (576.3 KiB) TX bytes:835880 (816.2 KiB)

eth0 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6364 errors:0 dropped:0 overruns:0 frame:0
TX packets:6594 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1552232 (1.4 MiB) TX bytes:1402072 (1.3 MiB)
Interrupt:5

eth0.0 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3045 errors:0 dropped:0 overruns:0 frame:0
TX packets:3608 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:580077 (566.4 KiB) TX bytes:1004448 (980.9 KiB)

eth0.1 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1460 Metric:1
RX packets:3235 errors:0 dropped:0 overruns:0 frame:0
TX packets:2982 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:847922 (828.0 KiB) TX bytes:348596 (340.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:340 errors:0 dropped:0 overruns:0 frame:0
TX packets:340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24386 (23.8 KiB) TX bytes:24386 (23.8 KiB)

pppoe-wan Link encap:Point-to-Point Protocol
inet addr:178.42.45.64 P-t-P:213.25.2.226 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1460 Metric:1
RX packets:2483 errors:0 dropped:0 overruns:0 frame:0
TX packets:2354 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:776600 (758.3 KiB) TX bytes:265646 (259.4 KiB)

wl0 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:EB
inet6 addr: fe80::20f:66ff:fed5:ceeb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3573 errors:0 dropped:0 overruns:0 frame:4596
TX packets:3940 errors:28 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:722509 (705.5 KiB) TX bytes:1047420 (1022.8 KiB)
Interrupt:4 Base address:0x1000

I wszystkie strony działają tylko na komputerze, na którym wymusiłem mtu 1460

rafu997 · Answer

Niestety nic z tego. Dalej na komputerach nie działają niektóre strony.
cat /etc/config/dhcp:

Spoiler:

config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k 0 # enable for dial on demand
option localise_queries 1
option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
option rebind_localhost 1 # enable for RBL checking and similar services
#list rebind_domain example.lan # whitelist RFC1918 responses for domains
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
#option nonwildcard 1
#list interface br-lan
#list notinterface lo
#list bogusnxdomain '64.94.110.11'

config dhcp lan
option interface lan
option start 100
option limit 150
option 'dhcp-option' 'option:mtu, 1460'
option leasetime 12h

config dhcp wan
option interface wan
option ignore 1

dmesg:

Spoiler:

CPU revision is: 00029007
Primary instruction cache 8kB, physically tagged, 2-way, linesize 16 bytes.
Primary data cache 4kB, 2-way, linesize 16 bytes.
Linux version 2.4.37.9 (jow@nd-build-02.linux-appliance.net) (gcc version 3.4.6 (OpenWrt-2.0)) #12 Wed Dec 21 03:33:39 CET 2011
Determined physical RAM map:
memory: 01000000 @ 00000000 (usable)
On node 0 totalpages: 4096
zone(0): 4096 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: root=/dev/mtdblock2 rootfstype=squashfs,jffs2 init=/etc/preinit noinitrd console=ttyS0,115200
CPU: BCM4712 rev 1 at 200 MHz
Using 100.000 MHz high precision timer.
Calibrating delay loop... 197.83 BogoMIPS
Memory: 14232k/16384k available (1457k kernel code, 2152k reserved, 100k data, 84k init, 0k highmem)
Dentry cache hash table entries: 2048 (order: 2, 16384 bytes)
Inode cache hash table entries: 1024 (order: 1, 8192 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
Checking for 'wait' instruction... unavailable.
POSIX conformance testing by UNIFIX
PCI: Initializing host
PCI: Fixing up bus 0
PCI: Fixing up bridge
PCI: Setting latency timer of device 01:00.0 to 64
PCI: Fixing up bus 1
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
Registering mini_fo version $Id$
devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
devfs: boot_options: 0x1
JFFS2 version 2.1. (C) 2001 Red Hat, Inc., designed by Axis Communications AB.
squashfs: version 3.0 (2006/03/15) Phillip Lougher
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
ttyS00 at 0xb8000300 (irq = 3) is a 16550A
ttyS01 at 0xb8000400 (irq = 3) is a 16550A
b44.c:v0.93 (Mar, 2004)
PCI: Setting latency timer of device 00:02.0 to 64
eth0: Broadcom 47xx 10/100BaseT Ethernet 00:0f:66:d5:ce:e9
Physically mapped flash: Found an alias at 0x400000 for the chip at 0x0
Physically mapped flash: Found an alias at 0x800000 for the chip at 0x0
Physically mapped flash: Found an alias at 0xc00000 for the chip at 0x0
Physically mapped flash: Found an alias at 0x1000000 for the chip at 0x0
Physically mapped flash: Found an alias at 0x1400000 for the chip at 0x0
Physically mapped flash: Found an alias at 0x1800000 for the chip at 0x0
Physically mapped flash: Found an alias at 0x1c00000 for the chip at 0x0
cfi_cmdset_0001: Erase suspend on write enabled
0: offset=0x0,size=0x2000,blocks=8
1: offset=0x10000,size=0x10000,blocks=63
Using word write method
Flash device: 0x400000 at 0x1c000000
bootloader size: 262144
Physically mapped flash: Filesystem type: squashfs, size=0x1a99ba
Creating 5 MTD partitions on "Physically mapped flash":
0x00000000-0x00040000 : "cfe"
0x00040000-0x003f0000 : "linux"
0x000bd400-0x00270000 : "rootfs"
mtd: partition "rootfs" doesn't start on an erase block boundary -- force read-only
0x003f0000-0x00400000 : "nvram"
0x00270000-0x003f0000 : "rootfs_data"
sflash: found no supported devices
Initializing Cryptographic API
IEEE 802.2 LLC for Linux 2.1 (c) 1996 Tim Alpaerts
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 1024 bind 2048)
Linux IP multicast router 0.06 plus PIM-SM
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
NET4: Ethernet Bridge 008 for NET4.0
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
VFS: Mounted root (squashfs filesystem) readonly.
Mounted devfs on /dev
Freeing unused kernel memory: 84k freed
diag: Detected 'Linksys WRT54G/GS/GL'
b44: eth0: Link is up at 100 Mbps, full duplex.
b44: eth0: Flow control is off for TX and off for RX.
roboswitch: Probing device eth0: No Robo switch in managed mode found, phy_id = 0xffffffff
roboswitch: Probing device eth1: No such device
roboswitch: Probing device eth2: No such device
roboswitch: Probing device eth3: No such device
mini_fo: using base directory: /
mini_fo: using storage directory: /overlay
mtdblock: erase of region [0x0, 0x10000] on "nvram" failed
jffs2.bbc: SIZE compression mode activated.
b44: eth0: Link is up at 100 Mbps, full duplex.
b44: eth0: Flow control is off for TX and off for RX.
There is already a switch registered on the device 'eth0'
roboswitch: Probing device eth1: No such device
roboswitch: Probing device eth2: No such device
roboswitch: Probing device eth3: No such device
eth0.1: add 01:00:5e:00:00:01 mcast address to master interface
eth0.0: add 01:00:5e:00:00:01 mcast address to master interface
eth0.0: dev_set_promiscuity(master, 1)
device eth0 entered promiscuous mode
device eth0.0 entered promiscuous mode
br-lan: port 1(eth0.0) entering learning state
br-lan: port 1(eth0.0) entering forwarding state
br-lan: topology change detected, propagating
CSLIP: code copyright 1989 Regents of the University of California
PPP generic driver version 2.4.2
PCI: Setting latency timer of device 00:01.0 to 64
PCI/DMA
wl0: wlc_attach: chiprev 1 coreunit 0 corerev 7 cccap 0x4876a maccap 0x0 band 2.4G, phy_type 2 phy_rev 2 ana_rev 2
wl0: Broadcom BCM4320 802.11 Wireless Controller 4.150.10.5
ip_tables: (C) 2000-2002 Netfilter core team
ip_conntrack version 2.1 (5953 buckets, 5953 max) - 352 bytes per conntrack
device wl0 entered promiscuous mode
br-lan: port 2(wl0) entering learning state
br-lan: port 2(wl0) entering forwarding state
br-lan: topology change detected, propagating
IPv6 v0.8 for NET4.0
eth0.0: add 33:33:00:00:00:01 mcast address to master interface
eth0.0: add 33:33:ff:d5:ce:e9 mcast address to master interface
eth0.1: add 33:33:00:00:00:01 mcast address to master interface
eth0.1: add 33:33:ff:d5:ce:e9 mcast address to master interface
IPv6 over IPv4 tunneling driver
ip6_tables: (C) 2000-2002 Netfilter core team
eth0.1: no IPv6 routers present
eth0: no IPv6 routers present
br-lan: no IPv6 routers present
eth0.0: no IPv6 routers present
wl0: no IPv6 routers present
eth0.0: add 33:33:00:00:00:02 mcast address to master interface
eth0.0: add 33:33:ff:00:00:00 mcast address to master interface
eth0.1: add 33:33:00:00:00:02 mcast address to master interface
eth0.1: add 33:33:ff:00:00:00 mcast address to master interface

Znalazłem jeszcze coś takiego:

Code:

As explained above, Path MTU Discovery doesn't work as well as it should anymore. If you know for a fact that a hop somewhere in your network has a limited (<1500) MTU, you cannot rely on PMTU Discovery finding this out.



Besides MTU, there is yet another way to set the maximum packet size, the so called Maximum Segment Size. This is a field in the TCP Options part of a SYN packet.



Recent Linux kernels, and a few PPPoE drivers (notably, the excellent Roaring Penguin one), feature the possibility to 'clamp the MSS'.



The good thing about this is that by setting the MSS value, you are telling the remote side unequivocally 'do not ever try to send me packets bigger than this value'. No ICMP traffic is needed to get this to work.



The bad thing is that it's an obvious hack - it breaks 'end to end' by modifying packets. Having said that, we use this trick in many places and it works like a charm.



In order for this to work you need at least iptables-1.2.1a and Linux 2.4.3 or higher. The basic command line is:



# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS  --clamp-mss-to-pmtu

This calculates the proper MSS for your link. If you are feeling brave, or think that you know best, you can also do something like this:



# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128

This sets the MSS of passing SYN packets to 128. Use this if you have VoIP with tiny packets, and huge http packets which are causing chopping in your voice calls.

Spróbuję dodać te wpisy...

Dodano po 5 [minuty]:

Też nic z tego...

Edit:
Ok udało się!
Należało dodać regułę do tablicy iptables:

Code:

iptables -t mangle -A FORWARD -o pppoe-wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu



gdzie "pppoe-wan" to moja nazwa interfejsu wyjściowego (trzeba zmienić na swój)

Zadziałało od ręki więc jeszcze tylko dodać do skryptu wykonywanego przy każdym starcie/restarcie firewalla:

Code:

vi /etc/firewall.user

i ewentualnie restart firewalla:

Code:

/etc/init.d/firewall restart

Gotowe, wszystkie strony śmigają na wszystkich urządzeniach

Wartości MTU na routerze zostawiłem domyślne, nie wymuszałem żadnych zmian oprócz 1480 dla tunelu 6in4 ale nie ma on związku z całą sprawą

Dzięki wszystkim za pomoc!
Pozdrawiam

rafu997 · Answer

Jednak okazało się, że sprawa jest trochę prostsza. Wystarczy dopisać opcję

Code:

option 'mtu_fix' '1'

do

Code:

vi /etc/config/firewall

do strefy zone interfejsu wan, czyli coś takiego:

Code:

config 'zone'

        option 'name' 'wan'

        option 'mtu_fix' '1'

        option 'output' 'ACCEPT'

        option 'masq' '1'

        option 'input' 'ACCEPT'

        option 'forward' 'ACCEPT'

        option 'network' 'wan wan6'

Ułatwia to trochę sprawę bo automatycznie dodaje wpisy do iptables:

Code:


-A zone_wan_MSSFIX -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

-A zone_wan_MSSFIX -o 6in4-wan6 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Opcja mtu_fix 1 jest teoretycznie domyślnie ustawiona w firewallu, jednak u mnie jej nie było... Zaczynałem konfigurację od zera więc powinno być ok a nie było

Pozdrawiam