Elektroda.pl

OpenWrt 10.03.1 + TP-Link in bridge mode - about half of websites don't work

rafu997 28 Aug 2013 16:25 3135 7
  • #1
    rafu997
    Level 10  
    Hello, I have a problem with Internet access after connecting these two routers. The situation is as follows:
    ADSL Internet (Neostrada), TP-Link in bridge mode (very good sync) - everything works here, no problems. A Linksys WRT54G v2 with Backfire 10.03.1 firmware is connected to the TP-Link over Ethernet. The WAN connection is PPPoE, with the Neostrada login and password entered - all fine. It logs in and there is Internet access, but some websites don't work. They load forever, usually hanging while loading some secondary page. For example, when loading xda-developers.com the page title loads and then Chrome hangs on "Waiting for cdn.www.xda-developers.com"; loading Interia does the same - the page title is there and it hangs on "Waiting for w.iplsc.com". Quite a lot of sites fail to load this way, while some work without a hitch. In addition, I have a 6in4 tunnel from http://www.he.net/ configured. That part is also fine: sites over IPv6 load very nicely, and it probably has nothing to do with the problems with "normal" websites (I disabled the tunnel, disabled IPv6 support in Windows, and no change). The router configuration is below:

    root@OpenWrt:~# ifconfig
    Spoiler:

    6in4-wan6 Link encap:IPv6-in-IPv4
    inet6 addr: fe80::5f31:e577/128 Scope:Link
    inet6 addr: 2001:470:70:2b2::2/64 Scope:Global
    UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
    RX packets:4340 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3339 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:3999151 (3.8 MiB) TX bytes:591565 (577.7 KiB)

    br-lan Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
    inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
    inet6 addr: 2001:470:71:2b2::1/64 Scope:Global
    inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1492 Metric:1
    RX packets:13567 errors:0 dropped:0 overruns:0 frame:0
    TX packets:14837 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:1649713 (1.5 MiB) TX bytes:12423388 (11.8 MiB)

    eth0 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
    inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:30304 errors:0 dropped:0 overruns:0 frame:0
    TX packets:28809 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:14360991 (13.6 MiB) TX bytes:14325738 (13.6 MiB)
    Interrupt:5

    eth0.0 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
    inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:13567 errors:0 dropped:0 overruns:0 frame:0
    TX packets:14843 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:1703981 (1.6 MiB) TX bytes:12483248 (11.9 MiB)

    eth0.1 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
    inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:16735 errors:0 dropped:0 overruns:0 frame:0
    TX packets:13956 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:12111340 (11.5 MiB) TX bytes:1612489 (1.5 MiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:340 errors:0 dropped:0 overruns:0 frame:0
    TX packets:340 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:24386 (23.8 KiB) TX bytes:24386 (23.8 KiB)

    pppoe-wan Link encap:Point-to-Point Protocol
    inet addr:95.49.229.119 P-t-P:213.25.2.226 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
    RX packets:12325 errors:0 dropped:0 overruns:0 frame:0
    TX packets:9896 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:11742229 (11.1 MiB) TX bytes:1216759 (1.1 MiB)

    wl0 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:EB
    inet6 addr: fe80::20f:66ff:fed5:ceeb/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:3703
    TX packets:1584 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:284991 (278.3 KiB)
    Interrupt:4 Base address:0x1000


    /etc/config/network
    Spoiler:
    config 'switch' 'eth0'
    option 'enable' '1'

    config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '0'
    option 'ports' '1 2 3 4 5'

    config 'switch_vlan' 'eth0_1'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '0 5'

    config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

    config 'interface' 'lan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'ipaddr' '192.168.2.1'
    option 'ip6addr' '2001:470:71:2b2::1/64'
    option 'mtu' '1492'



    config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option '_orig_ifname' 'eth0.1'
    option '_orig_bridge' 'false'
    option 'proto' 'pppoe'
    option 'username' 'xxxxxxx@neostrada.pl'
    option 'password' 'xxxxxxx'
    option 'accept_ra' '1'
    option 'send_rs' '0'

    config 'interface' 'wan6'
    option 'proto' '6in4'
    option 'peeraddr' '216.66.80.162'
    option 'ip6addr' '2001:470:70:2b2::2/64'
    option 'ip6prefix' '2001:470:71:2b2::/64'
    option 'tunnelid' '218502'
    option 'username' 'tb521cac5fcfc063.18886102'
    option 'password' 'xxxxxxxx'
    option 'mtu' '1480'

    /etc/config/firewall
    Spoiler:
    config 'defaults'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'drop_invalid' '0'
    option 'forward' 'ACCEPT'

    config 'zone'
    option 'name' 'lan'
    option 'network' 'lan'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'ACCEPT'

    config 'zone'
    option 'name' 'wan'
    option 'output' 'ACCEPT'
    option 'masq' '1'
    option 'input' 'ACCEPT'
    option 'forward' 'ACCEPT'
    option 'network' 'wan wan6'

    config 'rule'
    option 'name' 'Allow-DHCP-Renew'
    option 'src' 'wan'
    option 'proto' 'udp'
    option 'dest_port' '68'
    option 'target' 'ACCEPT'
    option 'family' 'ipv4'

    config 'rule'
    option 'name' 'Allow-Ping'
    option 'src' 'wan'
    option 'proto' 'icmp'
    option 'icmp_type' 'echo-request'
    option 'family' 'ipv4'
    option 'target' 'ACCEPT'

    config 'rule'
    option 'name' 'Allow-DHCPv6'
    option 'src' 'wan'
    option 'proto' 'udp'
    option 'src_ip' 'fe80::/10'
    option 'src_port' '547'
    option 'dest_ip' 'fe80::/10'
    option 'dest_port' '546'
    option 'family' 'ipv6'
    option 'target' 'ACCEPT'

    config 'rule'
    option 'name' 'Allow-ICMPv6-Input'
    option 'src' 'wan'
    option 'proto' 'icmp'
    list 'icmp_type' 'echo-request'
    list 'icmp_type' 'destination-unreachable'
    list 'icmp_type' 'packet-too-big'
    list 'icmp_type' 'time-exceeded'
    list 'icmp_type' 'bad-header'
    list 'icmp_type' 'unknown-header-type'
    list 'icmp_type' 'router-solicitation'
    list 'icmp_type' 'neighbour-solicitation'
    option 'limit' '1000/sec'
    option 'family' 'ipv6'
    option 'target' 'ACCEPT'

    config 'rule'
    option 'name' 'Allow-ICMPv6-Forward'
    option 'src' 'wan'
    option 'dest' '*'
    option 'proto' 'icmp'
    list 'icmp_type' 'echo-request'
    list 'icmp_type' 'destination-unreachable'
    list 'icmp_type' 'packet-too-big'
    list 'icmp_type' 'time-exceeded'
    list 'icmp_type' 'bad-header'
    list 'icmp_type' 'unknown-header-type'
    option 'limit' '1000/sec'
    option 'family' 'ipv6'
    option 'target' 'ACCEPT'

    config 'rule'
    option 'name' 'HE-IP6'
    option 'src' 'wan'
    option 'proto' '41'
    option 'target' 'ACCEPT'

    config 'include'
    option 'path' '/etc/firewall.user'

    config 'forwarding'
    option 'dest' 'wan'
    option 'src' 'lan'

    config 'forwarding'
    option 'dest' 'lan'
    option 'src' 'wan'

    brctl show
    Spoiler:
    root@OpenWrt:~# brctl show
    bridge name bridge id STP enabled interfaces
    br-lan 8000.000f66d5cee9 no eth0.0
    wl0

    ps ax
    Spoiler:
    root@OpenWrt:~# ps ax
    PID USER VSZ STAT COMMAND
    1 root 1432 S init
    2 root 0 SW [keventd]
    3 root 0 RWN [ksoftirqd_CPU0]
    4 root 0 SW [kswapd]
    5 root 0 SW [bdflush]
    6 root 0 SW [kupdated]
    8 root 0 SW [mtdblockd]
    97 root 0 SWN [jffs2_gcd_mtd4]
    121 root 1432 S init
    147 root 1440 S syslogd -C16
    149 root 1420 S klogd
    342 root 1332 S /usr/sbin/pppd plugin rp-pppoe.so mtu 1492 mru 1492 p
    832 root 1112 S /usr/sbin/dropbear -P /var/run/dropbear.1.pid -p 22
    852 root 772 S radvd -C /var/etc/radvd.conf -m stderr_syslog -p /var
    860 root 960 S /usr/sbin/uhttpd -f -h /www -r OpenWrt -x /cgi-bin -t
    884 nobody 880 S /usr/sbin/dnsmasq -K -D -y -Z -b -E -s lan -S /lan/ -
    893 root 1432 S /usr/sbin/ntpd -n -p 0.openwrt.pool.ntp.org -p 1.open
    2159 root 1188 S /usr/sbin/dropbear -P /var/run/dropbear.1.pid -p 22
    2170 root 1436 S -ash
    2724 root 1428 R ps ax

    Network adapter configuration on the PC:
    Spoiler:
    Karta Ethernet Połączenie lokalne:

    Sufiks DNS konkretnego połączenia : lan
    Opis. . . . . . . . . . . . . . . : Karta Realtek RTL8139/810x Family Fast Ethernet NIC
    Adres fizyczny. . . . . . . . . . : 00-0E-2E-CA-04-3E
    DHCP włączone . . . . . . . . . . : Tak
    Autokonfiguracja włączona . . . . : Tak
    Adres IPv6. . . . . . . . . . . . : 2001:470:71:2b2:a0e7:d51:9bbf:e609(Preferowane)
    Tymczasowy adres IPv6 . . . . . . : 2001:470:71:2b2:5567:41ac:764a:fbcc(Preferowane)
    Adres IPv6 połączenia lokalnego . : fe80::a0e7:d51:9bbf:e609%11(Preferowane)

    Adres IPv4. . . . . . . . . . . . . : 192.168.2.166(Preferowane)
    Maska podsieci. . . . . . . . . . : 255.255.255.0
    Dzierżawa uzyskana. . . . . . . . : 28 sierpnia 2013 15:21:31
    Dzierżawa wygasa. . . . . . . . . : 29 sierpnia 2013 03:21:34
    Brama domyślna. . . . . . . . . . : fe80::20f:66ff:fed5:cee9%11
    192.168.2.1
    Serwer DHCP . . . . . . . . . . . : 192.168.2.1
    Identyfikator IAID DHCPv6 . . . . : 234884654
    Identyfikator DUID klienta DHCPv6 : 00-01-00-01-19-A9-83-62-00-0E-2E-CA-04-3E

    Serwery DNS . . . . . . . . . . . : 192.168.2.1
    NetBIOS przez Tcpip . . . . . . . : Włączony

    What could be wrong? Where should I look for the problem?
    Thanks in advance for your help.
  • Helpful post
    #2
    User removed account
    Level 1  
  • #3
    rafu997
    Level 10  
    That is exactly what I already tried. I put Google's DNS servers in for IPv4 and IPv6. On the PC, and later on the router too. No change.
  • Helpful post
    #4
    dinos83
    Level 33  
    Change the MTU value.
  • #5
    rafu997
    Level 10  
    I just found an article about a similar problem, and it also suggests MTU. Only now I would like a hint as to which MTU to change so that everything fits together. My 6in4 tunnel has 1480, and the PPPoE connection to Neostrada assigns me 1492, I think. I'll try setting all MTU values to 1464, because only at that value do pings to Onet get through (ping -f -l 1464 www.onet.pl)

    Added after 2 [hours] 9 [minutes]:

    I still can't figure out this MTU... I set various values on the wan and lan interfaces and currently most things work (e.g. elektroda). wykop.pl still doesn't work for me. I checked with pings what maximum MTU gets through, and there was a reply only at 1432 (the router was set to 1460 (lan and wan)). So theoretically the values are correct. All sites started working correctly only after I set MTU 1460 in Windows. Now what should I do so that the router forces this MTU on the connected computers? After connecting to the router over Wi-Fi, e.g. with a smartphone, some sites still don't work.
    Currently it looks like this on the router:
    Spoiler:
    6in4-wan6 Link encap:IPv6-in-IPv4
    inet6 addr: 2001:470:70:2b2::2/64 Scope:Global
    inet6 addr: fe80::b22a:2d40/128 Scope:Link
    UP POINTOPOINT RUNNING NOARP MTU:1460 Metric:1
    RX packets:54 errors:0 dropped:0 overruns:0 frame:0
    TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:17988 (17.5 KiB) TX bytes:9888 (9.6 KiB)

    br-lan Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
    inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
    inet6 addr: 2001:470:71:2b2::1/64 Scope:Global
    inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1460 Metric:1
    RX packets:4548 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2730 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:590146 (576.3 KiB) TX bytes:835880 (816.2 KiB)

    eth0 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
    inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:6364 errors:0 dropped:0 overruns:0 frame:0
    TX packets:6594 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1552232 (1.4 MiB) TX bytes:1402072 (1.3 MiB)
    Interrupt:5

    eth0.0 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
    inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:3045 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3608 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:580077 (566.4 KiB) TX bytes:1004448 (980.9 KiB)

    eth0.1 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:E9
    inet6 addr: fe80::20f:66ff:fed5:cee9/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1460 Metric:1
    RX packets:3235 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2982 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:847922 (828.0 KiB) TX bytes:348596 (340.4 KiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:340 errors:0 dropped:0 overruns:0 frame:0
    TX packets:340 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:24386 (23.8 KiB) TX bytes:24386 (23.8 KiB)

    pppoe-wan Link encap:Point-to-Point Protocol
    inet addr:178.42.45.64 P-t-P:213.25.2.226 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1460 Metric:1
    RX packets:2483 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2354 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:776600 (758.3 KiB) TX bytes:265646 (259.4 KiB)

    wl0 Link encap:Ethernet HWaddr 00:0F:66:D5:CE:EB
    inet6 addr: fe80::20f:66ff:fed5:ceeb/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:3573 errors:0 dropped:0 overruns:0 frame:4596
    TX packets:3940 errors:28 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:722509 (705.5 KiB) TX bytes:1047420 (1022.8 KiB)
    Interrupt:4 Base address:0x1000


    And all sites work only on the computer on which I forced MTU 1460
  • Helpful post
    #6
    User removed account
    Level 1  
  • #7
    rafu997
    Level 10  
    Unfortunately, no luck. Some sites still don't work on the computers.
    cat /etc/config/dhcp:
    Spoiler:
    config dnsmasq
    option domainneeded 1
    option boguspriv 1
    option filterwin2k 0 # enable for dial on demand
    option localise_queries 1
    option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
    option rebind_localhost 1 # enable for RBL checking and similar services
    #list rebind_domain example.lan # whitelist RFC1918 responses for domains
    option local '/lan/'
    option domain 'lan'
    option expandhosts 1
    option nonegcache 0
    option authoritative 1
    option readethers 1
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    #list server '/mycompany.local/1.2.3.4'
    #option nonwildcard 1
    #list interface br-lan
    #list notinterface lo
    #list bogusnxdomain '64.94.110.11'

    config dhcp lan
    option interface lan
    option start 100
    option limit 150
    option 'dhcp-option' 'option:mtu, 1460'
    option leasetime 12h

    config dhcp wan
    option interface wan
    option ignore 1


    dmesg:
    Spoiler:
    CPU revision is: 00029007
    Primary instruction cache 8kB, physically tagged, 2-way, linesize 16 bytes.
    Primary data cache 4kB, 2-way, linesize 16 bytes.
    Linux version 2.4.37.9 (jow@nd-build-02.linux-appliance.net) (gcc version 3.4.6 (OpenWrt-2.0)) #12 Wed Dec 21 03:33:39 CET 2011
    Determined physical RAM map:
    memory: 01000000 @ 00000000 (usable)
    On node 0 totalpages: 4096
    zone(0): 4096 pages.
    zone(1): 0 pages.
    zone(2): 0 pages.
    Kernel command line: root=/dev/mtdblock2 rootfstype=squashfs,jffs2 init=/etc/preinit noinitrd console=ttyS0,115200
    CPU: BCM4712 rev 1 at 200 MHz
    Using 100.000 MHz high precision timer.
    Calibrating delay loop... 197.83 BogoMIPS
    Memory: 14232k/16384k available (1457k kernel code, 2152k reserved, 100k data, 84k init, 0k highmem)
    Dentry cache hash table entries: 2048 (order: 2, 16384 bytes)
    Inode cache hash table entries: 1024 (order: 1, 8192 bytes)
    Mount cache hash table entries: 512 (order: 0, 4096 bytes)
    Buffer cache hash table entries: 1024 (order: 0, 4096 bytes)
    Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
    Checking for 'wait' instruction... unavailable.
    POSIX conformance testing by UNIFIX
    PCI: Initializing host
    PCI: Fixing up bus 0
    PCI: Fixing up bridge
    PCI: Setting latency timer of device 01:00.0 to 64
    PCI: Fixing up bus 1
    Linux NET4.0 for Linux 2.4
    Based upon Swansea University Computer Society NET3.039
    Initializing RT netlink socket
    Starting kswapd
    Registering mini_fo version $Id$
    devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
    devfs: boot_options: 0x1
    JFFS2 version 2.1. (C) 2001 Red Hat, Inc., designed by Axis Communications AB.
    squashfs: version 3.0 (2006/03/15) Phillip Lougher
    pty: 256 Unix98 ptys configured
    Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
    ttyS00 at 0xb8000300 (irq = 3) is a 16550A
    ttyS01 at 0xb8000400 (irq = 3) is a 16550A
    b44.c:v0.93 (Mar, 2004)
    PCI: Setting latency timer of device 00:02.0 to 64
    eth0: Broadcom 47xx 10/100BaseT Ethernet 00:0f:66:d5:ce:e9
    Physically mapped flash: Found an alias at 0x400000 for the chip at 0x0
    Physically mapped flash: Found an alias at 0x800000 for the chip at 0x0
    Physically mapped flash: Found an alias at 0xc00000 for the chip at 0x0
    Physically mapped flash: Found an alias at 0x1000000 for the chip at 0x0
    Physically mapped flash: Found an alias at 0x1400000 for the chip at 0x0
    Physically mapped flash: Found an alias at 0x1800000 for the chip at 0x0
    Physically mapped flash: Found an alias at 0x1c00000 for the chip at 0x0
    cfi_cmdset_0001: Erase suspend on write enabled
    0: offset=0x0,size=0x2000,blocks=8
    1: offset=0x10000,size=0x10000,blocks=63
    Using word write method
    Flash device: 0x400000 at 0x1c000000
    bootloader size: 262144
    Physically mapped flash: Filesystem type: squashfs, size=0x1a99ba
    Creating 5 MTD partitions on "Physically mapped flash":
    0x00000000-0x00040000 : "cfe"
    0x00040000-0x003f0000 : "linux"
    0x000bd400-0x00270000 : "rootfs"
    mtd: partition "rootfs" doesn't start on an erase block boundary -- force read-only
    0x003f0000-0x00400000 : "nvram"
    0x00270000-0x003f0000 : "rootfs_data"
    sflash: found no supported devices
    Initializing Cryptographic API
    IEEE 802.2 LLC for Linux 2.1 (c) 1996 Tim Alpaerts
    NET4: Linux TCP/IP 1.0 for NET4.0
    IP Protocols: ICMP, UDP, TCP, IGMP
    IP: routing cache hash table of 512 buckets, 4Kbytes
    TCP: Hash tables configured (established 1024 bind 2048)
    Linux IP multicast router 0.06 plus PIM-SM
    NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
    NET4: Ethernet Bridge 008 for NET4.0
    802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
    All bugs added by David S. Miller <davem@redhat.com>
    VFS: Mounted root (squashfs filesystem) readonly.
    Mounted devfs on /dev
    Freeing unused kernel memory: 84k freed
    diag: Detected 'Linksys WRT54G/GS/GL'
    b44: eth0: Link is up at 100 Mbps, full duplex.
    b44: eth0: Flow control is off for TX and off for RX.
    roboswitch: Probing device eth0: No Robo switch in managed mode found, phy_id = 0xffffffff
    roboswitch: Probing device eth1: No such device
    roboswitch: Probing device eth2: No such device
    roboswitch: Probing device eth3: No such device
    mini_fo: using base directory: /
    mini_fo: using storage directory: /overlay
    mtdblock: erase of region [0x0, 0x10000] on "nvram" failed
    jffs2.bbc: SIZE compression mode activated.
    b44: eth0: Link is up at 100 Mbps, full duplex.
    b44: eth0: Flow control is off for TX and off for RX.
    There is already a switch registered on the device 'eth0'
    roboswitch: Probing device eth1: No such device
    roboswitch: Probing device eth2: No such device
    roboswitch: Probing device eth3: No such device
    eth0.1: add 01:00:5e:00:00:01 mcast address to master interface
    eth0.0: add 01:00:5e:00:00:01 mcast address to master interface
    eth0.0: dev_set_promiscuity(master, 1)
    device eth0 entered promiscuous mode
    device eth0.0 entered promiscuous mode
    br-lan: port 1(eth0.0) entering learning state
    br-lan: port 1(eth0.0) entering forwarding state
    br-lan: topology change detected, propagating
    CSLIP: code copyright 1989 Regents of the University of California
    PPP generic driver version 2.4.2
    PCI: Setting latency timer of device 00:01.0 to 64
    PCI/DMA
    wl0: wlc_attach: chiprev 1 coreunit 0 corerev 7 cccap 0x4876a maccap 0x0 band 2.4G, phy_type 2 phy_rev 2 ana_rev 2
    wl0: Broadcom BCM4320 802.11 Wireless Controller 4.150.10.5
    ip_tables: (C) 2000-2002 Netfilter core team
    ip_conntrack version 2.1 (5953 buckets, 5953 max) - 352 bytes per conntrack
    device wl0 entered promiscuous mode
    br-lan: port 2(wl0) entering learning state
    br-lan: port 2(wl0) entering forwarding state
    br-lan: topology change detected, propagating
    IPv6 v0.8 for NET4.0
    eth0.0: add 33:33:00:00:00:01 mcast address to master interface
    eth0.0: add 33:33:ff:d5:ce:e9 mcast address to master interface
    eth0.1: add 33:33:00:00:00:01 mcast address to master interface
    eth0.1: add 33:33:ff:d5:ce:e9 mcast address to master interface
    IPv6 over IPv4 tunneling driver
    ip6_tables: (C) 2000-2002 Netfilter core team
    eth0.1: no IPv6 routers present
    eth0: no IPv6 routers present
    br-lan: no IPv6 routers present
    eth0.0: no IPv6 routers present
    wl0: no IPv6 routers present
    eth0.0: add 33:33:00:00:00:02 mcast address to master interface
    eth0.0: add 33:33:ff:00:00:00 mcast address to master interface
    eth0.1: add 33:33:00:00:00:02 mcast address to master interface
    eth0.1: add 33:33:ff:00:00:00 mcast address to master interface

    I also found something like this:
    Code:
    As explained above, Path MTU Discovery doesn't work as well as it should anymore. If you know for a fact that a hop somewhere in your network has a limited (<1500) MTU, you cannot rely on PMTU Discovery finding this out.
    

    Besides MTU, there is yet another way to set the maximum packet size, the so called Maximum Segment Size. This is a field in the TCP Options part of a SYN packet.

    Recent Linux kernels, and a few PPPoE drivers (notably, the excellent Roaring Penguin one), feature the possibility to 'clamp the MSS'.

    The good thing about this is that by setting the MSS value, you are telling the remote side unequivocally 'do not ever try to send me packets bigger than this value'. No ICMP traffic is needed to get this to work.

    The bad thing is that it's an obvious hack - it breaks 'end to end' by modifying packets. Having said that, we use this trick in many places and it works like a charm.

    In order for this to work you need at least iptables-1.2.1a and Linux 2.4.3 or higher. The basic command line is:

    # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS  --clamp-mss-to-pmtu
    This calculates the proper MSS for your link. If you are feeling brave, or think that you know best, you can also do something like this:

    # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
    This sets the MSS of passing SYN packets to 128. Use this if you have VoIP with tiny packets, and huge http packets which are causing chopping in your voice calls.


    I'll try adding these entries...

    Added after 5 [minutes]:

    That didn't help either...

    Edit:
    OK, it worked!
    A rule had to be added to the iptables table:
    Code:
    iptables -t mangle -A FORWARD -o pppoe-wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    

    where "pppoe-wan" is the name of my outgoing interface (change it to yours)


    It worked right away, so all that's left is to add it to the script that runs on every firewall start/restart:
    Code:
    vi /etc/firewall.user

    and, if needed, a firewall restart:
    Code:
    /etc/init.d/firewall restart

    Done, all sites load fine on all devices :) I left the MTU values on the router at their defaults; I didn't force any changes apart from 1480 for the 6in4 tunnel, but that has nothing to do with the whole matter :)
    Thanks everyone for the help!
    Regards
  • #8
    rafu997
    Level 10  
    It turned out the matter is a bit simpler after all. It's enough to add the option
    Code:
    option 'mtu_fix' '1'

    to
    Code:
    vi /etc/config/firewall

    in the zone section of the wan interface, i.e. something like this:
    Code:
    config 'zone'
    
            option 'name' 'wan'
            option 'mtu_fix' '1'
            option 'output' 'ACCEPT'
            option 'masq' '1'
            option 'input' 'ACCEPT'
            option 'forward' 'ACCEPT'
            option 'network' 'wan wan6'


    This makes things a bit easier because it automatically adds the entries to iptables:
    Code:

    -A zone_wan_MSSFIX -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    -A zone_wan_MSSFIX -o 6in4-wan6 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu


    The mtu_fix 1 option is theoretically set by default in the firewall, but in my case it wasn't there... I started the configuration from scratch, so it should have been fine, but it wasn't :)

    Regards
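
Added example, not part of the original thread: a shell check for the condition the thread ends on, a masquerading firewall zone with no `mtu_fix`, plus confirmation that a TCPMSS clamp rule exists for each outgoing interface. It also works through the header arithmetic that links a DF ping payload to the path MTU and the clamped MSS. The function names and the choice to audit only `masq '1'` zones are assumptions of this example; the sample zone and rule lines are the ones posted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenWrt firewall config for
# a missing mtu_fix option and confirm the resulting TCPMSS clamp rules.

# Zones as first posted in the thread: wan masquerades but has no mtu_fix.
sample_fw_before() { cat <<'EOF'
config 'zone'
    option 'name' 'lan'
    option 'network' 'lan'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'ACCEPT'

config 'zone'
    option 'name' 'wan'
    option 'output' 'ACCEPT'
    option 'masq' '1'
    option 'input' 'ACCEPT'
    option 'forward' 'ACCEPT'
    option 'network' 'wan wan6'
EOF
}

# The wan zone after the fix from the last post (shortened).
sample_fw_after() { cat <<'EOF'
config 'zone'
    option 'name' 'wan'
    option 'mtu_fix' '1'
    option 'masq' '1'
    option 'network' 'wan wan6'
EOF
}

# Rule lines the thread reports once mtu_fix is active.
sample_rules() { cat <<'EOF'
-A zone_wan_MSSFIX -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A zone_wan_MSSFIX -o 6in4-wan6 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
EOF
}

# stdin: UCI firewall config. Prints each masquerading zone lacking mtu_fix '1'.
# Assumption of this example: masq '1' marks the Internet-facing zone.
zones_without_mtu_fix() {
    awk -v q="'" '
    function report() { if (in_zone && masq == "1" && fix != "1") print name }
    { gsub(q, ""); gsub(/"/, "") }          # strip UCI quoting
    $1 == "config" { report(); in_zone = ($2 == "zone")
                     name = "(unnamed)"; masq = ""; fix = ""; next }
    in_zone && $1 == "option" && $2 == "name"    { name = $3 }
    in_zone && $1 == "option" && $2 == "masq"    { masq = $3 }
    in_zone && $1 == "option" && $2 == "mtu_fix" { fix = $3 }
    END { report() }'
}

# stdin: iptables-save style rules. Prints each -o interface that has a
# TCPMSS --clamp-mss-to-pmtu rule.
clamped_ifaces() {
    awk '/-j TCPMSS/ && /--clamp-mss-to-pmtu/ {
        for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }'
}

# $@: interfaces that must be clamped; stdin: rules. Prints the uncovered ones.
unclamped_ifaces() {
    have=$(clamped_ifaces)
    for ifc in "$@"; do
        printf '%s\n' "$have" | grep -qxF -e "$ifc" || printf '%s\n' "$ifc"
    done
}

# Largest DF ping payload that gets a reply -> IPv4 path MTU
# (20-byte IPv4 header + 8-byte ICMP header).
mtu_from_ping_payload() { echo $(( $1 + 28 )); }

# MSS for a link MTU: minus IP header (20 v4 / 40 v6) and 20-byte TCP header.
mss_for_mtu() {   # $1 = MTU, $2 = 4 or 6
    if [ "$2" = 6 ]; then echo $(( $1 - 60 )); else echo $(( $1 - 40 )); fi
}

echo "zones missing mtu_fix (before): $(sample_fw_before | zones_without_mtu_fix)"
echo "zones missing mtu_fix (after):  $(sample_fw_after | zones_without_mtu_fix)"
echo "clamped interfaces: $(sample_rules | clamped_ifaces | tr '\n' ' ')"
echo "ping -l 1464 -> path MTU $(mtu_from_ping_payload 1464), IPv4 MSS $(mss_for_mtu 1492 4)"
```

On the router itself, feed `zones_without_mtu_fix` from `/etc/config/firewall` and `clamped_ifaces` from a dump of the mangle table.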