On Friday 10 Jan 2014 19:42:37 Kerin Millar wrote:
> the wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello. This is the first time I'm dealing with wifi and the second
> > time with NAT.
> > I have a server (access point) with a ppp0 interface (internet), eth0,
> > wlan0, tun0 and sit0. A dhcp server is listening on wlan0 and provides
> > local ip addresses, dns (= my isp dns) and router (= server wlan0 ip
> > address). Nat is configured on the server like this:
> > # Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
> > *raw
> >
> > :PREROUTING ACCEPT [1000941:974106726]
> > :OUTPUT ACCEPT [775261:165606146]
> >
> > COMMIT
> > # Completed on Fri Jan 10 21:34:26 2014
> > # Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
> > *nat
> >
> > :PREROUTING ACCEPT [888:45008]
> > :INPUT ACCEPT [63:9590]
> > :OUTPUT ACCEPT [442:27137]
> > :POSTROUTING ACCEPT [36:1728]
> >
> > - -A POSTROUTING -o ppp0 -j MASQUERADE
> > COMMIT
> > # Completed on Fri Jan 10 21:34:26 2014
> > # Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
> > *mangle
> >
> > :PREROUTING ACCEPT [1000941:974106726]
> > :INPUT ACCEPT [951658:947497602]
> > :FORWARD ACCEPT [39262:26279024]
> > :OUTPUT ACCEPT [775261:165606146]
> > :POSTROUTING ACCEPT [814621:191890787]
> >
> > COMMIT
> > # Completed on Fri Jan 10 21:34:26 2014
> > # Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
> > *filter
> >
> > :INPUT ACCEPT [371:35432]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [33994:3725352]
> >
> > - -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > - -A FORWARD -i wlan0 -o ppp0 -j ACCEPT
> > - -A FORWARD -i ppp0 -o wlan0 -j ACCEPT
> > - -A FORWARD -i eth0 -j DROP
> > - -A FORWARD -i tun0 -j DROP
> > COMMIT
> > # Completed on Fri Jan 10 21:34:26 2014
> >
> > I have a client that connects to my wifi, obtains an address via dhcp
> > and ... can't access almost all of internet sites.
> > I was able to ping any web service I could think of, but I was able to
> > use only google/youtube. I can do text/image searches on google and
> > can open youtube (but videos aren't loading). On other services wget
> > says connection established, but it can't retrieve anything. If I ssh
> > to an external server (not my nat server) I can ls, but if I try to ls
> > - -alh I receive only a half of the files list and the terminal hangs
> > after that.
> > If I do $python -m http.server on my server I can do file transfers
> > and open html pages on my client. I have tried this
> > https://wiki.archlinux.org/index.php/Software_Access_Point#WLAN_is_very_slow
> >
> > Also I have tried to insert LOG target in FORWARD of filter.
> > It showed that I send way more packets (>10) to a http server than I
> > receive (~2-4).
> > The client is fine and behaves normally with wifi, used it many times.
> > Thanks for your time.
>
> It's probable that you need to make use of MSS clamping. Try the
> following rule:
>
> iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
>
> --Kerin
This explains it: http://lartc.org/howto/lartc.cookbook.mtu-mss.html

Is there a router somewhere (your ISP?) that does not play nice with PMTU Discovery? What happens if you set your ifaces to have an mtu of 1492 (needed to accommodate your PPPoE headers) or even lower like 1440, or 1380?

--
Regards,
Mick
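The rule Kerin suggests works by rewriting the MSS option in every outgoing SYN so that no segment the peer sends back can exceed the path MTU, which is what makes the symptoms described above (small replies work, large replies stall) go away when a router on the path drops ICMP fragmentation-needed messages. The following simulation of that rewrite is an added example for this thread, not code posted by either participant or taken from netfilter: it builds a constructed TCP SYN header with an MSS option, applies the same SYN-and-not-RST match as `--tcp-flags SYN,RST SYN`, and clamps the option to `pmtu - 40` (20-byte IPv4 header plus 20-byte TCP header), which is the value `--clamp-mss-to-pmtu` derives. The PMTU of 1492 is the PPPoE figure from Mick's reply; the port numbers and option layout are made up for the sample. Two simplifications are assumed and labelled in the code: the TCP checksum is not recomputed, and a SYN without an MSS option is left alone rather than having one inserted as the kernel target does.

```python
"""Added example: simulate what iptables' TCPMSS --clamp-mss-to-pmtu does
to a TCP SYN. Not code from the thread or from netfilter; the packet
builder, ports and PMTU values are constructed for illustration."""
import struct

IPV4_HDR_LEN = 20   # IPv4 header without options
TCP_HDR_LEN = 20    # TCP header without options
MSS_KIND = 2        # TCP option kind for Maximum Segment Size


def mss_for_pmtu(pmtu: int) -> int:
    """Largest TCP payload that fits in one IPv4 packet of size pmtu."""
    return pmtu - IPV4_HDR_LEN - TCP_HDR_LEN


def build_tcp(mss: int, flags: int = 0x02) -> bytes:
    """Build a minimal TCP header (no IP header) carrying an MSS option.
    Constructed sample: sport 40000, dport 80, options MSS, NOP, NOP,
    SACK-permitted. Default flags = SYN (0x02)."""
    options = struct.pack("!BBH", MSS_KIND, 4, mss)      # MSS option, length 4
    options += b"\x01\x01"                               # two NOPs (padding)
    options += struct.pack("!BB", 4, 2)                  # SACK-permitted, length 2
    data_offset = (TCP_HDR_LEN + len(options)) // 4      # header length in 32-bit words
    base = struct.pack("!HHIIBBHHH",
                       40000, 80,          # source / destination port
                       1, 0,               # sequence / acknowledgement numbers
                       data_offset << 4,   # data offset in the upper nibble, reserved bits zero
                       flags,
                       65535,              # window
                       0, 0)               # checksum (left zero, see lead-in), urgent pointer
    return base + options


def get_mss(tcp: bytes):
    """Return the MSS option value, or None if the segment carries none."""
    data_offset = (tcp[12] >> 4) * 4
    i = TCP_HDR_LEN
    while i < data_offset:
        kind = tcp[i]
        if kind == 0:            # End of option list
            break
        if kind == 1:            # NOP is a single byte
            i += 1
            continue
        length = tcp[i + 1]
        if kind == MSS_KIND and length == 4:
            return struct.unpack_from("!H", tcp, i + 2)[0]
        i += length
    return None


def clamp_mss(tcp: bytes, pmtu: int) -> bytes:
    """Rewrite the MSS option of a SYN (not RST) so it never exceeds the
    value implied by the path MTU, as --clamp-mss-to-pmtu does.
    Assumed simplifications vs the kernel target: no checksum
    recomputation and no insertion of an MSS option when none is present."""
    flags = tcp[13]
    syn, rst = flags & 0x02, flags & 0x04
    if not syn or rst:           # same match as --tcp-flags SYN,RST SYN
        return tcp
    limit = mss_for_pmtu(pmtu)
    buf = bytearray(tcp)
    data_offset = (buf[12] >> 4) * 4
    i = TCP_HDR_LEN
    while i < data_offset:
        kind = buf[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        length = buf[i + 1]
        if kind == MSS_KIND and length == 4:
            current = struct.unpack_from("!H", buf, i + 2)[0]
            if current > limit:  # only ever lower the MSS, never raise it
                struct.pack_into("!H", buf, i + 2, limit)
            break
        i += length
    return bytes(buf)


if __name__ == "__main__":
    syn = build_tcp(1460)        # 1460 is the usual MSS for a 1500-byte Ethernet MTU
    print("MSS before:", get_mss(syn), "after clamping to PMTU 1492:",
          get_mss(clamp_mss(syn, 1492)))
```

Running the block prints 1460 before and 1452 after, which is the MSS a 1492-byte PPPoE path can carry. A SYN whose MSS is already at or below the limit, and any segment that is not a pure SYN (an ACK, or a SYN with RST set), passes through unchanged, matching the narrow `--tcp-flags SYN,RST SYN` selector in the rule.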