[Shorewall-users] Shorewall, rp-pppoe & big transfers

Joshua Banks l0f33t at yahoo.com
Mon Dec 15 05:25:31 PST 2003

--- Dominique Archambault <apox at yahoo.com> wrote:
> st1\:*{behavior:url(#default#ieooui) }

What is that stuff above. ICKY... :D

> First, thanks for replying! :)

No problem Dominique.

> I have to set the packetsize at 1464 or lower, same for Windows, to
> ping the host.

Yes.. This was one of the base facts I was looking for. You have a max
MTU of 1492 bytes.
When you use ping with the options specified, you told it to pad the
data payload of the packet with 1492 bytes and not to fragment the
packet in transit. Add an additional 20 bytes for the IP header and
another 8 bytes for the ICMP header and you're 28 bytes over
your max MTU of 1492. So your actual max (MSS), or the same as your max data
payload unfragmented, when sending ICMP is 1464 bytes. Or ICMP MSS =
MAX MTU - 28 bytes. This will be the same when using applications that
utilize UDP.

When you have an application that is using TCP, this will be MSS = MAX
MTU - 40 to -44 bytes. IP header = 20 bytes, TCP header = 20 to 24 bytes
(the other 4 bytes are for TCP options). For you, max TCP MSS
unfragmented is 1448 bytes, or 1452 if no TCP options are used in the
TCP header.

> To reestablish connection, I have to either wait until pppd restarts
> the connection automatically, or restart it manually. No DSL modem
> power cycling or anything needs to be done...

And before shorewall was put in place to route/firewall/nat, you used a
DLink router connected to the same cable modem?

> I will over the next 2-3 days do some packet sniffing, and I'll
> try to get some interesting/relevant logs...

This will help out a lot.

> I'm not trying to blame Shorewall per se, just trying to figure
> out what's going on. Up to now, everything points to Shorewall,
> but it's mainly circumstantial evidence :) The Max MTU set on my
> PPPoE connection (in PPPoE config) is 1412, just in case. I tried with
> various numbers between 1412 and 1492, but to no avail.

I'm sorry. I didn't mean to say you WERE blaming Shorewall. What I
meant to say was, "To establish that Shorewall is the problem we need
to gather some more solid facts."

Dominique, if this is something (the problem that you're describing)
that you can replicate at will, then that's half the battle and makes
troubleshooting a lot easier, believe it or not. E.g. on an internal
Windows machine install and start "ethereal" while doing one of your
big file transfers that causes your problem.
Install "ethereal" on the Shorewall machine and have it sniff off "ppp0"
at the same time you're doing the huge file transfer.

Both ethereal captures, along with the Shorewall logs and the info that
you're providing here in this post and the next, should isolate where the
problem is actually occurring.

You said:
> The Max MTU set on my PPPoE connection (in PPPoE config) is 1412, just
> in case. I tried with various numbers between 1412 and 1492, but to

My response:
Did you do this on the machine running Shorewall or a machine behind

My recommendation is to set your MTU on a Windows machine to a more
than safe minimum of 1448 bytes. Turn on ethereal on this machine and
the Shorewall machine and start your big file transfer on this machine.
(For adjusting MTU values on Windows 9x machines I recommend an app
called Dr. TCP. Google it and you'll find it.) This way you don't have
to mess with the registry. This app does it for you on the fly. Make
sure to read the documentation. There's not much to read.

I noticed that you had eth0 and eth1. Tell us a little more about your
network please. I.e. which one is local and which is your DMZ?

So is this something that you can replicate?

If so, then what kind of application are you using? Brand name please...
to do what kind of file transfers? FTP, SMTP, HTTP, TFTP, telnet,
rsync... (and for those, any particular flavor) Apache, ProFTPD,
Postfix, qmail, sendmail... yada, yada, yada?? Are you uploading or
downloading? Is this using TCP, UDP, IPsec, etc., etc.?

And just to make sure I understand you correctly, this is happening when
internal clients are transferring big files to servers out on the
EXTERNAL internet somewhere? Not a server on the DMZ or a server
located on an internal WAN?

Joshua Banks
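The header arithmetic and the don't-fragment ping probe described in the message above, as an added example that is not part of the original post or of Shorewall: standard IPv4/ICMP/UDP/TCP header sizes, the 1492-byte PPPoE link MTU from the thread, and a simulated link in place of a real `ping -M do` so it runs offline.

```python
# Added example (not from the post): MTU/MSS arithmetic and a simulated
# "ping with don't-fragment" probe for finding the largest unfragmented
# payload on a PPPoE link. Header sizes are standard IPv4 values.

IP_HDR = 20        # IPv4 header, no IP options
ICMP_HDR = 8       # ICMP echo header
UDP_HDR = 8
TCP_HDR = 20       # TCP header, no options
TCP_OPTS = 4       # extra option bytes, as the post assumes (20-24 byte TCP header)

PPPOE_MTU = 1492   # link MTU reported in the thread (assumed for the demo)


def max_payload(mtu: int, proto: str, tcp_options: bool = True) -> int:
    """Largest transport payload that fits one unfragmented IPv4 packet."""
    overhead = {
        "icmp": IP_HDR + ICMP_HDR,
        "udp": IP_HDR + UDP_HDR,
        "tcp": IP_HDR + TCP_HDR + (TCP_OPTS if tcp_options else 0),
    }[proto]
    return mtu - overhead


def df_ping_ok(payload: int, path_mtu: int) -> bool:
    """Simulated 'ping -s payload' with DF set: the echo only gets through
    when the whole IP packet (headers + payload) fits the path MTU."""
    return IP_HDR + ICMP_HDR + payload <= path_mtu


def probe_path_mtu(path_mtu: int, lo: int = 0, hi: int = 9000) -> int:
    """Binary search with DF pings for the largest payload that passes,
    then add the headers back to get the path MTU the link imposes."""
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if df_ping_ok(mid, path_mtu):
            lo = mid          # fits: try bigger
        else:
            hi = mid - 1      # dropped: shrink
    return lo + IP_HDR + ICMP_HDR


if __name__ == "__main__":
    for proto, opts in (("icmp", True), ("udp", True), ("tcp", True), ("tcp", False)):
        print(proto, "options" if opts else "no options",
              max_payload(PPPOE_MTU, proto, opts))
    print("probed path MTU:", probe_path_mtu(PPPOE_MTU))
```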

