I was trying the following setup with IPIP tunnels, one that used to
work through another ISP, but no longer...
Internal network
|
Linux box 1 (kernel 2.2.24) iif=10.0.0.1, extf=a.b.c.d,
tunf=172.16.0.1
|
|local metropolitan network
|
Another Linux box 2 (kernel 2.2.17, or 2.4.19, same result)
iif=irrelevant, extf=x.y.z.v,
tunf=172.16.0.2
|
internet
mtu is 1500 on iif, extf (ethernet)
In short : I''m using an IPIP between the two linux boxes to give the
internal network access to the internet outside the metropolitan
network.
the setup on linux box 1:
ip tun add tun0 mode ipip ttl 64 local a.b.c.d remote x.y.z.v
ip addr add 172.16.0.1/32 dev tun0
ip link set tun0 up
ip ro add 172.16.0.2/32 via x.y.z.v dev tun0 onlink
Then :
table main contains no default route.
ip ru add pref 10 lookup main
ip ro add metro_dest via my_local_gateway dev extf table metro
... as many as needed
ip ru add pref 100 lookup metro
Up to here I have local directly connected networks and the metropolitan
network reachable
This is for packets with source set to tunnel address: (i learned this
trick from LVS howtos and multi path routing)
ip ro add 172.16.0.2/32 via x.y.z.v dev tun0 onlink src 172.16.0.1 table
tun
ip ro add default via 172.16.0.2 dev tun0 onlink src 172.16.0.1 table
tun
ip ru add pref 1000 from 172.16.0.1 lookup tun
This will direct all the rest through the tunnel.
ip ro add default via 172.16.0.2 dev tun0 onlink table outside
ip ru add pref 2000 lookup outside
firewall masquerades internal network:
ipchains -A forward -s 10.0.0.0/24 -j MASQ
-------------------------------------
This setup was working last year on a different ISP for my linux box.
Now I changed the ISP and this no longer works, or rather it works in
part:
From the linux box everything works.
From a windows box in the internal network ping works, traceroute works.
From a windows box in the internal network TCP (like a web page
retrival) it doesn''t, with a twist :
I request a web page and sometimes I manage to get 1-2 packets of reply
(SYN sent, ACK received, at most 1-2 packets of data go through, but
that''s all).
A tcpdump on such a connection yields the following :
windows box is A
destination (ie www.google.com) is B
A->B SYN
B->A ACK
after this, I see
A->B ACK window 8760 and gets no replies to these
B->A ACK window [something > 30000 or 60000] and gets no reaction from A
It continues like this for a while, independently sending each other
packets, without replying...
I have found a temporary fix modifying TCP setup on the windows box
using MTUSPEED :
I set it to optimum settings for the network interface, which mostly
does the following:
MTU=576
RWIN=removed
MSS=536
PMTUDiscovery=remove
--------------------------------------
However, I still don''t know the cause of this, and I''d really
like to
know a fix that will work on the linux box, without modifying each
windows box behind it.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
