PPPoE Bridging for DSL line problem with NAT

triabita · April 16, 2005, 12:48pm

Hello, i have been trying to create a PPPoE bridge with my local aDSL provider for the past week with no success.

I have tryed numerous combinations of settings and nothing has worked. I use M/T 2.8.26 and have setup a PPPoE client interface that connects ok to my ISP as the status reports.

In any of my trial occasions i had the following odd results:

Some web pages like google.com loaded and worked perfectly (all subpages as well news.google.com etcetc) Other pages would not load at all.
DNS requests where ok, they resolved
Other services had disrupting problems but generaly they worked, e.g. FTP connects but does not go any further, same with IRC.
Using torch i realised that all page requests we made did make it to the server but the server did not propably NAT them correctly and forward the packets to the computer that requested them.

The initial configuration with the variations are as follows:

PPPoE Client Interface:
MTU / MRU: 1480 and 1500 (tryed both)
Interface: aDSL (the ethernet that connects with the dsl modem)
Service: Both checked and unchecked (couldn’t figure out what it does)
Profile: Custom profile (explained later)
Dial on demand: Unchecked
Add Default Route: Checked
Use Peer DNS: Tryed both checked/unchecked
Allow: PAP only (works)

PPP Profile: DSLProfile
Local Address: 0.0.0.0 and our static IP (tryed both)
Remote Address: 0.0.0.0
Incoming Filter: Input
Outgoing Filter: Output
No DNS/WINS server set or no compresion / encryption checked

No limits

We tryed both checking / unchecking the settings: “Only One” and “Change TCP MSS”

Source NAT Roule:
Src Addr: 192.168.0.0/16 (we have 5-6 192.168.x.x subnets)
Dst Addr: 0.0.0.0/0

Out Interface: WLAN-aDSL (PPPoE interface)
Protocol: All
Action: Masquerade
To src addresses: 0.0.0.0 - 0.0.0.0 or [staticIP] - [staticIP]
To src ports: 0-65535

I am totaly exhausted, these settings are simple and i have been setting up NAT configurations for many years, why doesn’t it work???

Triabita

andrewluck · April 16, 2005, 2:25pm

Try the following:

/ip firewall mangle add protocol=tcp tcp-options=syn-only action=passthrough tcp-mss=1360

Regards

Andrew

gianluca · April 17, 2005, 4:56pm

may I ask you how do you phisically connect the adsl to the MK ? putting in bridge the adsl ?

triabita · April 20, 2005, 8:07am

Physicaly they are connected with a cross over ethernet cable.

Andrewluck unfortunately that did not do the trick.

I have been doing extensive search for this problem over the past week and the only related article i have found is this:
page from bruno.pmi.lv via Google cache

Please give a hand

nhalachev · April 20, 2005, 9:41am

Please post your config , including:
/interface ethernet
/interface pppoe-client
/ppp profile
/ip address
/ip route
/ip firewall rile | src-nat | mangle
/ip dns

triabita · April 20, 2005, 10:05am

[configuration deleted for obvious reasons]

nhalachev · April 20, 2005, 10:58am

One more thing:
/system resource irq print

triabita · April 20, 2005, 11:56am

[admin@MikroTik] > system resource irq print
Flags: U - unused
IRQ OWNER
1 keyboard
2 APIC
U 3
4 serial port
5 [SysKonnect SK-98xx]
U 6
U 7
U 8
U 9
10 [usb-uhci]
10 WiFi
10 aDSL
11 [SysKonnect SK-98xx]
12 [SysKonnect SK-98xx]
U 13
14 IDE 1

nhalachev · April 20, 2005, 12:11pm

May be here is your problem …

triabita · April 20, 2005, 12:42pm

Aren’t the IRQ conflict problems supposed to be a nightmare from the last decade?

I will look into it though by disabling the usb.

I must tell you, the aDSL interface works perfectly since ever. (the current configuration is for routing internet traffic through the aDSL interface where the DSL modem does the NATing to the world)

So i don’t think it’s that, i’ll try it anyway just to be sure

triabita · April 24, 2005, 2:30pm

AndrewLuck i finaly made it working!

After some clean minded approach to the matter i reseted all my configurations and started seting it up from scratch.

Only with your advice the PPPoE Nat worked perfectly!

can you explain to me what this line does exactly? i don’t seem to get it… and why isn’t it put automaticaly in the mangle rules?

Does this affect any other aspects of networking?

Thanks a million!

andrewluck · April 25, 2005, 8:48am

What this mangle rule does is to tell all hosts to which the router makes a connection, ‘Don’t ever send me a packet bigger than xxx’, where ‘xxx’ is the size you’ve specified in TCP-MSS. This has pretty much the same effect as walking around your network and setting the MTU value on each host to xxx, but, there’s a lot less walking involved

The default setting for MTU is 1500. So, when your PC puts out a packet of this size, when it gets to the router it gets encapsulated with a PPPoE header. This packet will need fragmenting as it is now too big to fit in a single packet. To get round this we get the PC to output a smaller packet.

In the old days, your PC used to be able to perform Path Discovery to determine the largest size packet it could send over a particular connection. These days, this is pretty much guaranteed to fail as the packets used are filtered by a lot of routers, hence the requirement for MSS clamping.

Regards

Andrew