PPPOE and NAT and Masquerade

Hi all,

I am having some problems with PPPOE and NAT. We are trying to connect an ADSL line via PPPOE on our Mikrotik box, but the ADSL line has a dynamic address. To get it to work I have had to use masquerade; the problem with masquerade is that certain traffic such as MSN Messenger and SSL sites don’t work…

Has someone put together a similar setup and how did you get by these shortfalls… I would ideally like to use NAT…

Thanks,
Tim

Tim

Windows Messenger requires UPnP to fully function when it’s behind a NAT device. Try turning this on.

Haven’t seen SSL problems with NAT. It’s usually something else such as MTU size.

Regards

Andrew

Hi Andrew,

Thanks for your reply.

I think I might not have been clear… I can’t use NAT with PPPOE and an ADSL line with dynamic IP addressing. I want to be able to. The only way I have been able to get it to work is to masquerade in the destination NAT list, but then I get the MSN / SSL issues on some sites…

Any thoughts?

Tim

Masquerade is basically Source address NAT. You should be using Masquerade in this context.

You need a mangle rule to clamp the MSS to get around MTU problems. The rule looks like this:

/ip firewall mangle
add protocol=tcp tcp-options=syn-only action=passthrough tcp-mss=1360

You may need to play with MSS size but I find 1360 works in most cases.

Regards

Andrew
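What an MSS clamp like the mangle rule above does to a TCP SYN, as an added Python sketch that is not part of the thread and not RouterOS code. The names `ones_sum`, `clamp_mss`, `sample_syn` and `PSEUDO`, and the packet and addresses they build, are constructed for illustration.

```python
import struct

# Constructed IPv4 pseudo-header: 192.0.2.10 -> 198.51.100.20, proto 6, TCP length 28
PSEUDO = bytes([192, 0, 2, 10, 198, 51, 100, 20, 0, 6, 0, 28])

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def clamp_mss(tcp: bytes, limit: int) -> bytes:
    """Lower the MSS option of a SYN segment to `limit`; anything else passes unchanged."""
    if len(tcp) < 20 or not tcp[13] & 0x02:       # SYN flag not set
        return tcp
    seg, end, i = bytearray(tcp), min((tcp[12] >> 4) * 4, len(tcp)), 20
    while i + 1 < end and seg[i] != 0:            # kind 0 = end of option list
        if seg[i] == 1:                           # kind 1 = NOP, a single byte
            i += 1
            continue
        length = seg[i + 1]
        if length < 2 or i + length > end:        # malformed option: leave segment alone
            break
        if seg[i] == 2 and length == 4:           # kind 2 = MSS
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old > limit:
                a = (i + 2) & ~1                  # 16-bit aligned window around the value
                before = ones_sum(bytes(seg[a:a + 4]))
                struct.pack_into("!H", seg, i + 2, limit)
                after = ones_sum(bytes(seg[a:a + 4]))
                # RFC 1624 incremental checksum update: HC' = ~(~HC + ~m + m')
                csum = struct.unpack_from("!H", seg, 16)[0]
                new = ones_sum(struct.pack("!3H", ~csum & 0xFFFF, ~before & 0xFFFF, after))
                struct.pack_into("!H", seg, 16, ~new & 0xFFFF)
            break
        i += length
    return bytes(seg)

def sample_syn(mss: int, pseudo: bytes) -> bytes:
    """Constructed SYN (port 40000 -> 443), options NOP, MSS, NOP x3, valid checksum."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 7 << 4, 0x02, 64240, 0, 0)
    seg = hdr + b"\x01" + struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x01"
    csum = ~ones_sum(pseudo + seg) & 0xFFFF
    return seg[:16] + struct.pack("!H", csum) + seg[18:]
```

The single leading NOP puts the MSS value at an odd offset, which is why the checksum update works on the aligned 4-byte window rather than on the 16-bit value alone.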

Dear friend andrewluck, I am having the same problem as our friend above. I am using PPPoE and masquerade, and what is happening here is that for some of my customers, the great majority in the end, MSN keeps dropping and at times the Hotmail site does not open. In the PPPoE server interface, the MTU and MRU are set to 1488. And in /ip firewall mangle, when the customer connects via PPPoE a rule is automatically added with TCP MSS 1440. What must I do to stop MSN from dropping? Increase the MTU or decrease the TCP MSS? Thanks.