[Haifux] Router question

Maxim Kovgan kovganm at gmail.com
Sat Oct 16 22:38:27 MSD 2010


Have you played with the MTU?

Oftentimes the DHCP server on the home router giveth the MTU of 1500.
It is perfectly OK if you either:

   - don't use VPN from router to ISP
   - use encryption (when wifi frame < IP frame sent from the router to the
   ISP)

Otherwise, 1 packet of the internal network gets wrapped into more than
1 packet to the outside world.
This (IIRC) is an IPv4 problem (fragmentation), and some routers don't do this
well.

To resolve it you can make sure that 1 wifi packet = 1 outgoing packet of
your router to the ISP, by reducing the MTU on the clients, or by using no
VPN connection.

I remember MTU<=1452 used to be the magic number back in the DSL PPTP days.

I bet you could somehow sniff the packets, to verify, but I don't know how
to sniff the VPN packets if the router is the one who dials. But still, I
hope this is a useful hint ;-)



On Sat, Oct 16, 2010 at 7:59 PM, Ohad Lutzky <ohad at lutzky.net> wrote:

> traceroute is ICMP. I'm having trouble with specific ports on TCP.
>
> On Sat, Oct 16, 2010 at 7:53 PM, Dave Roi <davidroi at gmail.com> wrote:
>
>> Did you try running traceroute to the pgp server or android market server?
>> See how many hops it does go and see in which one it gets stuck.
>>
>>
>> On Sat, Oct 16, 2010 at 19:36, Ohad Lutzky <ohad at lutzky.net> wrote:
>>
>>> Hello everyone,
>>>
>>> I have a Linksys DSL-2760u router/DSL modem, using a Wow (Bezeq)
>>> connection to the Bezeq International ISP. It seems that various outgoing
>>> ports are blocked - HTTP, HTTPS, bittorrent and SSH work well enough, but -
>>> for example - I can't download Android apps from the Market. Easier to test,
>>> I can't download PGP public keys. For example:
>>>
>>> gpg -v -v --keyserver subkeys.pgp.net --recv F120156012B83718
>>> gpg: requesting key 12B83718 from hkp server subkeys.pgp.net
>>>
>>> This hangs indefinitely. So does this:
>>> telnet subkeys.pgp.net 11371
>>> Trying 195.113.19.83...
>>>
>>> The same occurs for other keyservers, git-protocol, and various other
>>> "unconventional" high-port usage. I've gone over the router settings,
>>> disabled its firewall (but not NAT, which I need), added my machine to the
>>> DMZ (this actually seems to help, sometimes, for git - and even then, only
>>> once), tried port triggering... I can't get a consistent result.
>>>
>>> I should note that this issue only exists for *outgoing* ports. I have no
>>> problem mapping *incoming* ports (such as my openssh server or bittorrent
>>> web interface).
>>>
>>> --
>>> Man is the only animal that laughs and weeps, for he is the only animal
>>> that is struck with the difference between what things are and what they
>>> ought to be.
>>>  - William Hazlitt
>>>
>>> Ohad Lutzky
>>>
>>> _______________________________________________
>>> Haifux mailing list
>>> Haifux at haifux.org
>>> http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
>>>
>>>
>>
>
>


-- 
Maxim Kovgan
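
The fragmentation arithmetic behind the message above, as an added example that is not part of the original thread. It assumes a 1500-byte uplink MTU and a tunnel overhead of 48 bytes, a constructed value chosen only so that the inner MTU equals the 1452 mentioned in the message; real overhead depends on the encapsulation in use.

```python
"""IPv4 fragmentation arithmetic for a tunnelled uplink (added illustration)."""

IPV4_HEADER = 20  # bytes, IPv4 header without options
TCP_HEADER = 20   # bytes, TCP header without options


def fragment(total_len, mtu, df=False, ihl=IPV4_HEADER):
    """Split one IPv4 packet of total_len bytes for a link with this MTU.

    Returns a list of (offset_in_8_byte_units, fragment_len, more_fragments).
    Raises ValueError when DF is set and the packet does not fit: a router
    then drops it and is expected to send ICMP "fragmentation needed". If
    that ICMP never reaches the sender, the TCP connection simply hangs.
    """
    if total_len <= mtu:
        return [(0, total_len, False)]
    if df:
        raise ValueError("packet exceeds MTU and DF is set")
    # The offset field counts 8-byte units, so every fragment except the
    # last must carry a payload that is a multiple of 8 bytes.
    chunk = (mtu - ihl) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    payload, sent, frags = total_len - ihl, 0, []
    while sent < payload:
        size = min(chunk, payload - sent)
        frags.append((sent // 8, ihl + size, sent + size < payload))
        sent += size
    return frags


def max_mss(mtu):
    """Largest TCP segment that fits in one unfragmented packet."""
    return mtu - IPV4_HEADER - TCP_HEADER


LINK_MTU = 1500                 # assumed uplink MTU
OVERHEAD = 48                   # assumed tunnel overhead (constructed value)
INNER_MTU = LINK_MTU - OVERHEAD  # what fits through the tunnel in one packet

if __name__ == "__main__":
    for size in (INNER_MTU, LINK_MTU):
        print(size, "->", fragment(size, INNER_MTU))
    print("largest MSS that avoids fragmentation:", max_mss(INNER_MTU))
```

A full-size 1500-byte client packet becomes two packets on the uplink, while a client limited to the inner MTU sends exactly one.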