Shorewall users - Nov 2004 - PPPoE + Masquedate + Shorewall

Hi,

I have been a shorewall user for a long time now, and it has been 
working flawlessly. I have now changed ISP and my new DSL connection is 
PPPoE.

My setup is as follows:

internet <--------> 3com812 Officeconnect (bridge mode) <----> eth0 
<-------> linux box <----> eth1, eth2, eth3, eth4 <---> other
internal
networks

Things are working fine, but the link is _very_ slow. I have tried 
connecting the router directly to a win2k box and it is fast, so I have 
concluded it is a configuration problem on linux box.

Trying to debug the problem, I have come to the following error messages 
by using tcpdump:

13:58:39.157552 PPPoE  [ses 0x42d] IP truncated-ip - 1280 bytes missing! 
130.206.1.5.45863 > 80.26.152.55.32781: . 138724:140176(1452) ack 1 win 
26136
13:58:39.157755 PPPoE  [ses 0x42d] IP 80.26.152.55.32781 > 
130.206.1.5.45863: . ack 137272 win 32767 <nop,nop,sack sack 1 
{138724:140176} >

Seems to be a mtu/mru/mss problem. I am not very proficient at 
networking, I have googled all last night and came to no solution. I 
have enabled CLAMPMSS=Yes in shorewall.conf

Can someone throw some light on this issue?

Thanks.

PS:: I include my current configuration.


mordor:~# shorewall version
2.0.9
mordor:~# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:da:4f:79:83 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::250:daff:fe4f:7983/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:75:d5:3e:79 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/24 brd 172.16.0.255 scope global eth1
    inet6 fe80::204:75ff:fed5:3e79/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:75:d5:3e:44 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth2
    inet6 fe80::204:75ff:fed5:3e44/64 scope link
       valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:60:08:78:7d:7c brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global eth3
    inet6 fe80::260:8ff:fe78:7d7c/64 scope link
       valid_lft forever preferred_lft forever
6: eth4: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:4f:4e:06:80:1b brd ff:ff:ff:ff:ff:ff
    inet 10.3.45.1/24 brd 10.3.45.255 scope global eth4
    inet6 fe80::24f:4eff:fe06:801b/64 scope link
       valid_lft forever preferred_lft forever
7: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
9: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 80.26.152.55 peer 213.0.184.253/32 scope global ppp0
mordor:~# ip route show
213.0.184.253 dev ppp0  proto kernel  scope link  src 80.26.152.55
10.3.45.0/24 dev eth4  proto kernel  scope link  src 10.3.45.1
172.16.0.0/24 dev eth1  proto kernel  scope link  src 172.16.0.1
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.1
10.10.10.0/24 dev eth3  proto kernel  scope link  src 10.10.10.1
default via 213.0.184.253 dev ppp0

On Wed, 2004-11-03 at 05:04, Olmo González wrote:
> 
> My setup is as follows:
> 
> internet <--------> 3com812 Officeconnect (bridge mode) <---->
eth0
> <-------> linux box <----> eth1, eth2, eth3, eth4 <--->
other internal
> networks
> 
> Things are working fine, but the link is _very_ slow. I have tried 
> connecting the router directly to a win2k box and it is fast, so I have 
> concluded it is a configuration problem on linux box.
> 
> Can someone throw some light on this issue?
> 
Try "ip -s link ls" -- are you seeing errors/drops?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Hi,

Here is the output:

2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:da:4f:79:83 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    3101968493 2718937  139     0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    426315348  1890919  0       0       33      16553

16: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen
3
    link/ppp
    RX: bytes  packets  errors  dropped overrun mcast
    2599729664 2345678  0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    342888104  1616344  0       0       0       0

Thanks for the help.
Olmo


Tom Eastep wrote:
>On Wed, 2004-11-03 at 05:04, Olmo González wrote:
>
>  
>
>>My setup is as follows:
>>
>>internet <--------> 3com812 Officeconnect (bridge mode)
<----> eth0
>><-------> linux box <----> eth1, eth2, eth3, eth4
<---> other internal
>>networks
>>
>>Things are working fine, but the link is _very_ slow. I have tried 
>>connecting the router directly to a win2k box and it is fast, so I have 
>>concluded it is a configuration problem on linux box.
>>
>>Can someone throw some light on this issue?
>>
>>    
>>
>
>Try "ip -s link ls" -- are you seeing errors/drops?
>
>-Tom
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Shorewall-users mailing list
>Post: Shorewall-users@lists.shorewall.net
>Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
>Support: http://www.shorewall.net/support.htm
>FAQ: http://www.shorewall.net/FAQ.htm
>